• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHP Session Handling Local Session Hijacking Vulnerability

PHP is prone to a vulnerability that permits local hijacking of session variables. The problem presents itself in the way PHP stores session variables.

This issue can be exploited to hijack the session variables of victim users of other PHP applications running on a system utilizing a vulnerable version of PHP.

This issue is reported to effect the 3.x and 4.x versions of PHP; other versions may also be affected.