Bugtraq mailing list archives
Invision Power Board v2.1.4 - session hijacking
From: Hans Wolters <hans.wolters () xs4all nl>
Date: Tue, 14 Mar 2006 19:32:16 +0100
Problem:Invision Board v2.1.4 has a problem with sessions. Once it is installed on a server where php is allowed to
use transparant sessions a session can be hijacked by other users. Testing:Once you visit a site where Invision Board is used the first click on the Log In link points the visitor to a link with the session id in it:
index.php?s=<session_id>&act=Login&CODE=00If you copy this session id, login and start a different browser (not a new instance) then you only need to copy the session id url into the different browser to login without giving the password and login name.
Any links within the forum where the session_id is linked to the url will enable other people (perhaps only within the same network where the ipnumber is natted) to login when users are online and logged in.
Reported: Contacted the authors on march 1st, no response.Contacted the author via the email address listed on this list, no respons.
Regards, Hans
Current thread:
- Invision Power Board v2.1.4 - session hijacking Hans Wolters (Mar 15)
- Re: Invision Power Board v2.1.4 - session hijacking Peter Conrad (Mar 16)
- <Possible follow-ups>
- Re: Invision Power Board v2.1.4 - session hijacking matt (Mar 16)
- Re: Invision Power Board v2.1.4 - session hijacking Hans Wolters (Mar 16)
- Re: Invision Power Board v2.1.4 - session hijacking exon (Mar 20)
- Message not available
- Re: Invision Power Board v2.1.4 - session hijacking exon (Mar 20)
- Re: Invision Power Board v2.1.4 - session hijacking Hans Wolters (Mar 16)
- Re: Invision Power Board v2.1.4 - session hijacking Bill Nash (Mar 20)
- Re: Invision Power Board v2.1.4 - session hijacking Hans Wolters (Mar 20)