Penetration Testing mailing list archives
Exploiting Session Fixation on ASP
From: pentest pentest <pentest108 () gmail com>
Date: Thu, 5 Feb 2009 12:58:04 +0200
Hi guys, Just a quick question. I've found a few places (e.g. http://www.owasp.org/index.php/Session_Fixation_Protection) where it's mentioned that ASP applications are vulnerable by default to Session Fixation. However, how do you exploit this vulnerability in real life? On PHP you just use something like http://site.com/?PHPSESSID=something But on ASP, you cannot do something like http://site.com/?ASPSESSIONID=something because it will not work. So, how do you exploit Session Fixation in real life? Thanks in advance and have a nice day,
Current thread:
- Exploiting Session Fixation on ASP pentest pentest (Feb 05)
- Re: Exploiting Session Fixation on ASP Rogan Dawes (Feb 10)
- Re: Exploiting Session Fixation on ASP pentest pentest (Feb 10)
- Re: Exploiting Session Fixation on ASP Rogan Dawes (Feb 10)
- Re: Exploiting Session Fixation on ASP pentest pentest (Feb 10)
- Re: Exploiting Session Fixation on ASP arvind doraiswamy (Feb 10)
- RE: Exploiting Session Fixation on ASP Rui Pereira (WCG) (Feb 11)
- Re: Exploiting Session Fixation on ASP Rogan Dawes (Feb 10)