|
Session poisoning (also referred to as "session data pollution" and "session modification") is a method to exploit insufficient input validation within a server application. Typically a server application that is vulnerable to this type of exploit will copy user input into session variables. The underlying vulnerability is a state management problem: shared state, race condition, ambiguity in use or plain unprotected modifications of state values. Session poisoning has been demonstrated in server environments where different, non-malicious applications (scripts) share the same session states but where usage differ, causing ambiguity and race conditions. Session poisoning has been demonstrated in scenarios where attacker is able to introduce malicious scripts into the server environment, which is possible if attacker and victim share a web host. ==Origins== Session poisoning was first discussed as a (potentially new) vulnerability class in the Full disclosure mailing list. Alla Bezroutchko inquired if "Session data pollution vulnerabilities in web applications" was a new problem in January 2006. However, this was an old vulnerability previously noted by others: "this is a classic state management issue" - Yvan Boily; "This is not new" - /someone. Earlier examples of these vulnerabilities can be found in major security resources/archives such as Bugtraq, e.g. *July 2001, Serious security hole in Mambo Site Server version 3.0.X by Ismael Peinado Palomo of reverseonline.com *September 2005, PHP Session modification by unknow (from uw-team) and adam_i Session pollution has also been covered in some articles, such as PHP Session Security, Przemek Sobstel, 2007.〔(【引用サイトリンク】title=Segfault Labs )〕 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Session poisoning」の詳細全文を読む スポンサード リンク
|