Questions about this topic? Sign up to ask in the talk tab.

Session hijacking

From NetSec
Revision as of 03:46, 7 December 2010 by TriciaNoonan (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
c3el4.png Maybe some examples of XSS/CSRF for this?

Session hijacking is yet another vulnerability in the world wide web. Session hijacking works when an attacker re-uses someone else’s HTTP or PHP session when the session has not expired yet, giving the attacker access to the session-based web site as the user that the hijacked session came from. Cookie-based authentication is another flaw in the world wide web. If an attacker is sniffing a connection between a user and a server, the attacker could hijack and intercept the user’s cookie, impersonating the user and giving the attacker that user’s access to the cookie-based web site. Flaws like this will not currently flag in Cisco IDS.

Retrieved from "http://nets.ec/index.php?title=Session_hijacking&oldid=983"