Bug #10902 Possible security hole via external modification of session vars
Submitted: 2001-05-16 10:17 UTC Modified: 2001-05-16 10:35 UTC
From: luci at conexim dot com dot au Assigned:
Status: Not a bug Package: Session related
PHP Version: 4.0.5 OS: Linux
Private report: No CVE-ID: None
 [2001-05-16 10:17 UTC] luci at conexim dot com dot au
This is kind of similar to the old file upload problem, where you could set variables in a POST.

In some cases (depends on the way the code is written), if a site stores login status (e.g. user name, etc.) in session variables after an authorisation check, it is possible to pass values as the same-named session vars, and therefore actually bypass the authorisation step, getting access to restricted areas.

 [2001-05-16 10:19 UTC] luci at conexim dot com dot au
Not really a bug, just an issue.
 [2001-05-16 10:35 UTC] cynic@php.net
this could only happen with a misconfigured PHP - you would have to set it to register globals AND extract GET/POST data AFTER session data.

proper configuration is an admin responsibility.
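
The name collision discussed in this report, as an added example that is not part of the original report or of PHP's own code: it models the register-globals import step with array_merge() so it runs on current PHP, and contrasts a login check on a same-named global with one that reads only the session array. The key name auth_user, the function names and the sample arrays are constructed for illustration, and the sample session is assumed to always define the key.

```php
<?php
// Added illustration, not code from the bug report or from PHP itself.
// register_globals was removed in PHP 5.4, so its import step is modelled
// with array_merge(). The key 'auth_user' and all sample data are constructed.

// Model of the import: sources are applied in order, later ones win on a clash.
function import_globals(array ...$sources): array
{
    $globals = [];
    foreach ($sources as $vars) {
        $globals = array_merge($globals, $vars);
    }
    return $globals;
}

// Pattern from the report: login status is read from a same-named global,
// so the check cannot tell session data from request data.
function authorised_from_globals(array $globals): bool
{
    return !empty($globals['auth_user']);
}

// Hardened pattern: read the flag only from the session array, which is
// loaded from server-side storage, and fail closed on a missing or
// non-string value.
function authorised_from_session(array $session): bool
{
    $user = $session['auth_user'] ?? null;
    return is_string($user) && $user !== '';
}

// Constructed state: an anonymous visitor whose request carries a
// parameter with the same name as the session variable.
$session = ['auth_user' => ''];
$request = ['auth_user' => 'someone', 'page' => 'reports'];

$cases = [
    'session, then GET/POST' => import_globals($session, $request),
    'GET/POST, then session' => import_globals($request, $session),
];
foreach ($cases as $order => $globals) {
    printf("%-24s global check: %s\n", $order,
        authorised_from_globals($globals) ? 'granted' : 'denied');
}
printf("%-24s session check: %s\n", 'any order',
    authorised_from_session($session) ? 'granted' : 'denied');
```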
 
Last updated: Sun Dec 22 11:01:30 2024 UTC