Tag: session

CakePHP, PHP

How to configure session in CakePHP 3

Let’s see how can we configure session in cakePHP to something safer. 1. Open config/app.php file 2. Scroll down to the end of file and locate: ‘Session’ => [ ‘defaults’ => ‘php’, ],’Session’ => [ ‘defaults’ => ‘php’, ], and change it to this: ‘Session’ => [ ‘defaults’ => ‘database’, ‘cookie’ => ‘webapptest’, ‘timeout’ => …

Enumeration

Enumerate user accounts through null sessions

There is a very useful program, in BackTrack you will find it pre-installed, named rpcclient. This tool executes client side MS-RPC functions and is part of samba. rpcclient manpage   Open up a terminal and execute: rpcclient -U "" target_ip_addressrpcclient -U "" target_ip_address In password prompt just hit enter.   If the connection is successful …

Exploits, Vulnerabilities

Preventing Session fixation – hijacking

“Session fixation attacks attempt to exploit the vulnerability of a system which allows one person to fixate (set) another person’s session identifier (SID). Most session fixation attacks are web based, and most rely on session identifiers being accepted from URLs (query string) or POST data..” from Wiki. Let’s see some countermeasures we can take to …