会话固定攻击复制,学期论文 (php)

发布于 2024-11-29 03:23:17 字数 1153 浏览 3 评论 0原文

我正在尝试为我的学期论文复制会话,并且我在这里找到了很多提示,但无法复制对我的本地主机的攻击。

我尝试过这里的一个例子: http://www.devshed.com/c/a/ PHP/Sessions-and-Cookies/2/

fixation.php:

  <?php 
  session_start(); 
  $_SESSION['username'] = 'chris'; 
  ?>

test.php

  <?php 
  session_start(); 
  if (isset($_SESSION['username']))
  { 
    echo $_SESSION['username'];
  }     
  ?>

文章说我应该能够通过以下方式固定会话:

http://example.org/fixation.php?PHPSESSID=1234

但检查请求标头似乎不起作用:

Cookie  PHPSESSID=0avpo8ttlmg35apkjaovj6dgd3

另外,还有一个tmp 文件夹中的“sess_0avpo8ttlmg35apkjaovj6dgd3”文件。

我有点迷失在这里,并尝试了多个类似的例子,但没有成功......


一点更新
在 php.ini 中,设置这些值:

session.use_trans_sid = 1 
session.use_cookies = 0 

并注释掉 session.save_handler 禁用在 cookie 中保存会话并生成 tmp 文件(我想,如果我错了,请纠正我)。现在我可以修复会话(tmp 文件夹中有一个名为 sess_1234 的文件)并劫持它(在另一个浏览器中打开,恢复状态)。再次,如果我错了,请纠正我 - 会话固定是在最近的 php 版本中完全修补的还是只是这个简单的攻击?我当前的版本是5.3.4

I'm trying to replicate session for my term paper and I've found quite a bit tips here, but can't replicate an attack on my localhost.

I've tried an example from here:
http://www.devshed.com/c/a/PHP/Sessions-and-Cookies/2/

fixation.php:

  <?php 
  session_start(); 
  $_SESSION['username'] = 'chris'; 
  ?>

test.php

  <?php 
  session_start(); 
  if (isset($_SESSION['username']))
  { 
    echo $_SESSION['username'];
  }     
  ?>

Article says I should be able to fixate session with:

http://example.org/fixation.php?PHPSESSID=1234

But inspecting the request headers it doesn't seem to work:

Cookie  PHPSESSID=0avpo8ttlmg35apkjaovj6dgd3

Also, there is an "sess_0avpo8ttlmg35apkjaovj6dgd3" file in tmp folder.

I'm kind of lost here and have tried more than a few similar examples that didn't work...


A little update
in php.ini, setting these values:

session.use_trans_sid = 1 
session.use_cookies = 0 

and commenting out session.save_handler disables saving session in cookie and generating tmp file (i presume, please correct me if I'm wrong). Now I'm able to fixate the session (there is a file in tmp folder named sess_1234) and hijack it too (open in another browser, resume state). Again, corrent me if I'm wrong - was session fixation completley patched in recent php versions or just this simple attack? My current version is 5.3.4

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

请恋爱 2024-12-06 03:23:17

从这篇文章和您向我们更新的内容中,我可以得知这一点。

PHP 并没有完全修复该攻击,但它为开发人员提供了选择,不允许服务器从 URL 接受 PHPSESSID,并强制服务器仅从 cookie 接受 PHPSESSID。这样,您链接的文章中显示的示例变得更加难以提交(但这并不意味着不可能!)。在某种程度上,这是一种非常简单的攻击,并且取决于要启用的某些配置选项,但如果启用了这些选项,则攻击是非常合法的。

这让我想起了一点魔法引号。该功能本应帮助人们阻止 SQL 注入,但最终却让一些新的 PHP 开发人员编写了容易发生 SQL 注入的代码。魔术引号(直到 PHP 5.4)仍然可以启用,允许人们通过 SQL 注入编写代码,但就像 PHPSESSID 一样,开发人员可以决定是否启用这些选项。

From the article and what you have updated us with, this is what I can tell.

PHP didn't completely patch the attack, but it has given the developer the choice to not allow the server to accept PHPSESSID from the URL and force it to only accept it from the cookie. This way, examples which are shown in the article you linked become much more difficult to commit (but this doesn't mean impossible by any means!). In a way it is a very simple attack and is dependent on certain configuration options to be enabled, but if they are enabled the attack is very legitimate.

This reminds me a little bit of magic quotes. A feature which was suppose to help people thwart SQL injections, but in the end just made some new PHP developers write SQL injection prone code. Magic quotes (until PHP 5.4) can still be enabled allowing people to write code with SQL injections, but just like the PHPSESSID the developer can decide if they want these options enabled or not.

自由范儿 2024-12-06 03:23:17

尝试更改浏览器中的 cookie。使用 Firefox,安装“Web Developer”工具栏扩展。然后从 Cookie 菜单中选择“编辑 Cookie”并更改您的域的值或创建您尝试复制的新 Cookie。

Try changing the cookie in your browser. Using firefox, install the "Web Developer" tool bar extension. Then from the Cookies menu, choose "Edit Cookie" and change the value for your domain or create the new cookie that your trying to replicate.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文