Session Fixation in slackero/phpwcms
Aug 31st 2021
A malicious actor with access to the target's computer (or any other way to read or set the browser's cookies) can learn the PHPSESSID value the site assigned before login. Because phpwcms does not regenerate the session ID on login, that same ID becomes an authenticated session once the target signs in, so the attacker can hijack the session by presenting the known PHPSESSID value from their own browser.
🕵️♂️ Proof of Concept
- Open the site's login page by browsing to https://[SERVERADDRESS]/login.php
- Note the PHPSESSID cookie value issued for the unauthenticated session
- Log in with valid credentials
- Inspect the PHPSESSID cookie again: it is unchanged, so the pre-login session ID is now an authenticated session
If the attack succeeds against an administrator, the attacker obtains the administrator's session, which results in total compromise of the application's functionality.
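The check described in the steps above can be automated. The script below is an added example and is not code from the original report or from phpwcms: it records the PHPSESSID value before and after login and flags the site when the ID survives authentication. The POST field names `username` and `password` are hypothetical placeholders (substitute the real form field names), and the cookie name PHPSESSID is taken from the report.

```python
"""Automated session-fixation check for a PHP login page.

Added example (not part of the original report or of phpwcms). Assumptions:
  - the session cookie is named PHPSESSID (as stated in the report);
  - the login form at /login.php accepts POST fields `username` and
    `password` (hypothetical names; adjust to the real form).
"""
import http.cookiejar
import urllib.parse
import urllib.request
from typing import Optional

SESSION_COOKIE = "PHPSESSID"


def session_id_from_set_cookie(set_cookie_values: list[str]) -> Optional[str]:
    """Return the PHPSESSID value from a list of Set-Cookie header values.

    Example header value: "PHPSESSID=abc123; path=/; HttpOnly"
    """
    for value in set_cookie_values:
        first_pair = value.split(";", 1)[0].strip()
        name, _, sid = first_pair.partition("=")
        if name.strip() == SESSION_COOKIE and sid.strip():
            return sid.strip()
    return None


def is_fixation_vulnerable(before_login: Optional[str],
                           after_login: Optional[str]) -> bool:
    """Decide whether the pre-login session ID became an authenticated one.

    A site is considered vulnerable when the ID seen before login is still
    the active ID afterwards, either because the server sent the same value
    again or because it sent no new cookie at all (the browser then keeps
    using the old one). A site that hands out a fresh ID on login is not.
    """
    if before_login is None:
        # No session existed before login, so there was nothing to fixate.
        return False
    return after_login is None or after_login == before_login


def check_live_site(base_url: str, username: str, password: str):
    """Run the PoC steps against a real server with a shared cookie jar.

    Returns (id_before_login, id_after_login, vulnerable). Not exercised
    offline; the field names below are the hypothetical ones noted above.
    """
    jar = http.cookiejar.CookieJar()
    opener = urllib.request.build_opener(urllib.request.HTTPCookieProcessor(jar))

    def current_sid() -> Optional[str]:
        return next((c.value for c in jar if c.name == SESSION_COOKIE), None)

    # Step 1-2: load login.php and note the session ID it assigns.
    opener.open(base_url + "/login.php").read()
    before = current_sid()

    # Step 3: log in with valid credentials.
    form = urllib.parse.urlencode({"username": username,
                                   "password": password}).encode()
    opener.open(base_url + "/login.php", data=form).read()

    # Step 4: compare the session ID after authentication.
    after = current_sid()
    return before, after, is_fixation_vulnerable(before, after)


if __name__ == "__main__":
    import sys
    if len(sys.argv) != 4:
        sys.exit("usage: check.py https://host user password")
    b, a, vuln = check_live_site(*sys.argv[1:])
    print(f"before login: {b}\nafter login:  {a}\nvulnerable:   {vuln}")
```

On the server side the corresponding fix is to call `session_regenerate_id(true)` immediately after the credentials have been verified, so that the ID an attacker could have observed or planted before login is never associated with the authenticated session; the checker above then reports the site as not vulnerable because the post-login ID differs.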