Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to forge a PHP session ID?

Tags:

php

session

If a page checks for the existence of a PHP Session:

if (isset($_SESSION['secret'])) {...grant access to EVERYTHING!!!}

Is it possible / How could I generate $_SESSION['secret'] on my machine, in a situation where I don't have access to the page's back-end code? I'm trying to hack into the international space station...

like image 693
d-_-b Avatar asked Oct 06 '22 13:10

d-_-b


1 Answers

You cannot. Or well, you can generate a $_SESSION['secret'] on your machine, but it is a different value and you cannot simply put it onto the ISS. You cannot directly alter the $_SESSION superglobal unless there's a bug or security hole in the script that lets you.

like image 77
GolezTrol Avatar answered Oct 10 '22 01:10

GolezTrol