Session Fixation in pheditor/pheditor
Oct 2nd 2021
PHPEditor session are not regenerated after every login leading to possible session fixation attacks (local attack vector)
Proof of Concept
1. Open two browsers (Browser 1: Attacker, Browser 2: Victim) 2. Visit PHP-EDITOR]/phpeditor.php server and copy cookie from Browser 1 3. Paste the cookie from Browser 1 in Browser 2. 4. Login in Browser 2. 5. Refresh Browser 1 to see that you have successfully logged in[
Attackers can trick users by pasting their own cookies into a browser first in a shared computer without logging in. When the victim logs in, the attacker's cookies are now authenticated and they can login as user.
Regenerate session cookies after login