e3bc01dc52
git-svn-id: http://webgoat.googlecode.com/svn/trunk@313 4033779f-a91e-0410-96ef-6bf7bf53c507
33 lines
1.3 KiB
HTML
33 lines
1.3 KiB
HTML
<div align="Center">
|
|
<p><b>Lesson Plan Title:</b> Session Fixation</p>
|
|
</div>
|
|
|
|
<p><b>Concept / Topic To Teach:</b> </p>
|
|
How to steal a session with a 'Session Fixation'
|
|
<br>
|
|
<div align="Left">
|
|
<p>
|
|
<b>How the attacks works:</b>
|
|
</p>
|
|
A user is recognized by the server by an unique Session ID. If a
|
|
user has logged in and is authorized he does not have to
|
|
reauhorize when he revisits the application as the user is recognized
|
|
by the Session ID. In some applications it is possible to deliver
|
|
the Session ID in the Get-Request. Here is where the attack starts.
|
|
<br><br>
|
|
An attacker can send a hyperlink to a victim with a choosen Session ID.
|
|
This can be done for example by a phishing mail.
|
|
If the victim clicks on the link and loggs in he is authorized
|
|
by the Session ID the attacker has choosen. The attacker
|
|
can visit the page with the same ID and is recognized as the victim and
|
|
gets logged in without authorization.
|
|
</div>
|
|
<p><b>General Goal(s):</b> </p>
|
|
<!-- Start Instructions -->
|
|
This lesson has several stages. You play the attacker but also the victim.
|
|
After having done this lesson it should be understood how
|
|
a Session Fixation in general works. It should be also understood that
|
|
it is a bad idea to use the Get-Request for Session IDs.
|
|
<!-- Stop Instructions -->
|
|
|