Difference between revisions of "Session hijacking"
From NetSec
TriciaNoonan (Talk | contribs)
(2 intermediate revisions by 2 users not shown)
Line 2: | Line 2: | ||
Session hijacking is yet another [[vulnerability]] in the world wide web. Session hijacking works when an attacker re-uses someone else’s [[HTTP]] or [[PHP]] session when the session has not expired yet, giving the attacker access to the session-based web site as the user that the hijacked session came from. Cookie-based authentication is another flaw in the world wide web. If an attacker is [[sniffing]] a connection between a user and a server, the attacker could hijack and intercept the user’s cookie, impersonating the user and giving the attacker that user’s access to the cookie-based web site. Flaws like this will not currently flag in Cisco [[IDS]]. | Session hijacking is yet another [[vulnerability]] in the world wide web. Session hijacking works when an attacker re-uses someone else’s [[HTTP]] or [[PHP]] session when the session has not expired yet, giving the attacker access to the session-based web site as the user that the hijacked session came from. Cookie-based authentication is another flaw in the world wide web. If an attacker is [[sniffing]] a connection between a user and a server, the attacker could hijack and intercept the user’s cookie, impersonating the user and giving the attacker that user’s access to the cookie-based web site. Flaws like this will not currently flag in Cisco [[IDS]]. | ||
− | |||
− | |||
− |
Latest revision as of 22:00, 19 May 2012
Maybe some examples of XSS/CSRF for this?
Session hijacking is yet another vulnerability in the World Wide Web. It works when an attacker re-uses someone else’s HTTP or PHP session before that session has expired, which gives the attacker access to the session-based web site as the user the hijacked session came from. Cookie-based authentication is another flaw in the World Wide Web. If an attacker is sniffing a connection between a user and a server, the attacker could intercept and hijack the user’s cookie, impersonating the user and gaining that user’s access to the cookie-based web site. Flaws like this will not currently flag in Cisco IDS.
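The following sketch is an added example, not part of the NetSec article. It shows the server-side controls that narrow the two windows described above: cookie attributes that keep the session ID off plain-HTTP connections, and idle and absolute expiry so a captured ID stops working. The `SessionStore` class, the `SESSID` cookie name and the timeout values are assumptions chosen for illustration.

```python
import secrets
import time

IDLE_TIMEOUT = 15 * 60        # assumed policy: seconds of inactivity allowed
ABSOLUTE_TIMEOUT = 8 * 3600   # assumed policy: maximum session lifetime


class SessionStore:
    """Server-side session table keyed by an unguessable random ID."""

    def __init__(self, clock=time.time):
        self._clock = clock      # injectable so expiry can be tested
        self._sessions = {}      # session id -> user, created, last_seen

    def login(self, user):
        """Create a session; return (id, Set-Cookie header value)."""
        sid = secrets.token_urlsafe(32)
        now = self._clock()
        self._sessions[sid] = {"user": user, "created": now, "last_seen": now}
        return sid, self.cookie_header(sid)

    @staticmethod
    def cookie_header(sid):
        # Secure: the browser only sends the cookie over HTTPS, so it does
        # not cross the wire in clear text where a sniffer could read it.
        # HttpOnly: page scripts cannot read the cookie.
        # SameSite=Lax: the cookie is withheld from most cross-site requests.
        return f"SESSID={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"

    def validate(self, sid):
        """Return the user for a live session, or None if unknown/expired."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        now = self._clock()
        idle = now - session["last_seen"]
        age = now - session["created"]
        if idle > IDLE_TIMEOUT or age > ABSOLUTE_TIMEOUT:
            del self._sessions[sid]   # a captured ID is useless after expiry
            return None
        session["last_seen"] = now
        return session["user"]

    def logout(self, sid):
        """Invalidate server-side so the ID cannot be reused after logout."""
        self._sessions.pop(sid, None)
```

The `Secure` attribute only helps when the site is actually served over HTTPS; on a plain-HTTP site the cookie would never be sent at all.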