
OSCommerce Session Fixation Vulnerability



There is a flaw in the way OSCommerce handles sessions.

When a client visits an OSCommerce web page, the server sends a cookie. That cookie will be the session cookie for every further request. Thus, once the user has logged in, the cookie is used to authenticate the user.

When logging in (without cookies), the URL will look something like http://myserver/myapp/index.php?oscid=sometext

An attacker can send a crafted link such as http://myserver/myapp/index.php?oscid=arbitrarysession. If the admin/user follows the link and logs in, his cookie will still be arbitrarysession. Thus, the attacker can hijack the session because he set the cookie.

P.S. Thanks to the whole TeaM Random (www.etsmtl.ca) for this bug. 
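
The session handling described above next to a hardened variant, as an added Python model that is not OSCommerce code and not part of the original advisory. The `SessionStore` class, its methods and the `admin` user are hypothetical; only the `oscid` parameter and the `arbitrarysession` value come from the text.

```python
import secrets


class SessionStore:
    """Hypothetical in-memory model of a server-side session table."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}  # session id -> {"user": name or None}

    def _new_id(self):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = {"user": None}
        return sid

    def open(self, cookie_sid=None, url_sid=None):
        """Return the session id the server will use for this request."""
        if self.hardened:
            # Ignore ids carried in the URL and ids the server never issued.
            if cookie_sid in self.sessions:
                return cookie_sid
            return self._new_id()
        # Behaviour described in the advisory: adopt whatever id arrives.
        sid = cookie_sid or url_sid
        if sid is None:
            return self._new_id()
        self.sessions.setdefault(sid, {"user": None})
        return sid

    def login(self, sid, user):
        """Mark the session authenticated; return the id valid afterwards."""
        if self.hardened:
            # Rotate the id at the privilege change and retire the old one.
            self.sessions.pop(sid, None)
            sid = self._new_id()
        self.sessions[sid]["user"] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid, {}).get("user")


def fixed_id_after_login(hardened, planted="arbitrarysession"):
    """Open a session from ?oscid=<planted>, log in as a constructed user,
    then report which user the planted id maps to."""
    store = SessionStore(hardened)
    sid = store.open(url_sid=planted)
    store.login(sid, "admin")
    return store.whoami(planted)
```

With `hardened=False` the planted id ends up bound to the logged-in user; with `hardened=True` it maps to nobody, because the server only honours ids it issued and replaces the id at login.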
