PHP :: Bug #10902 :: Possible security hole via external modification of session vars

Bug #10902	Possible security hole via external modification of session vars
Submitted:	2001-05-16 10:17 UTC	Modified:	2001-05-16 10:35 UTC
From:	luci at conexim dot com dot au	Assigned:
Status:	Not a bug	Package:	Session related
PHP Version:	4.0.5	OS:	Linux
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

[2001-05-16 10:17 UTC] luci at conexim dot com dot au

This is kind of similar to the old file upload problem, where you could set variables in a POST.

In some cases (depends on the way the code is written), if a site stores login status (eg. user name, etc) in session variables after an authorisation check, it is possible to pass values as the same-named session vars, and therefore actually bypass the authorisation step getting access to restricted areas.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2001-05-16 10:19 UTC] luci at conexim dot com dot au

Not really a bug, just an issue.

[2001-05-16 10:35 UTC] cynic@php.net

this could only happen with a misconfigured PHP - you would have to set it to register globals AND extract GET/POST data AFTER session data.

proper configuration is an admin reponsibility.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2024 The PHP Group All rights reserved.	Last updated: Thu Apr 18 17:01:28 2024 UTC