-
Hi @prasathmani,
Hope you are doing well. I have discovered a **Session Fixation Vulnerability** in all versions, including the latest. The following are the steps to reproduce:
1. Log in to filemanager…
-
Key points:
- https://www.exploit-db.com/exploits/41239 (Zoneminder 1.29/1.30 - Cross-Site Scripting / SQL Injection / Session Fixation / Cross-Site Request Forgery)
- Use sqlmap
-
```
C/o Justin:
"I'd love two additional tabs on final summary window. One tab to
show a value over time graph like webscarab, and one tab showing a #
of unique characters per position (basically Bur…
```
-
**Session_Fixation** issue exists @ **root/register.jsp** in branch **master**
*Method session.setAttribute at line 34 of root\register.jsp performs user authentication without terminating existing…
-
**Session_Fixation** issue exists @ **root/logout.jsp** in branch **master**
*Method session.setAttribute at line 3 of root\logout.jsp performs user authentication without terminating existing sess…
-
**Session_Fixation** issue exists @ **root/register.jsp** in branch **develop**
*Method session.setAttribute at line 34 of root\register.jsp performs user authentication without terminating existin…
-
**Session_Fixation** issue exists @ **root/login.jsp** in branch **develop**
*Method session.setAttribute at line 22 of root\login.jsp performs user authentication without terminating existing sess…
-
**Session_Fixation** issue exists @ **root/logout.jsp** in branch **develop**
*Method session.setAttribute at line 3 of root\logout.jsp performs user authentication without terminating existing ses…
-
```
What steps will reproduce the problem?
1. Prepare a Web application that has the following characteristics:
- When logging in to the app without a session cookie, it returns the status code 400
…
```
-
**Session_Fixation** issue exists @ **root/logout.jsp** in branch **main**
*Method session.setAttribute at line 3 of root\logout.jsp performs user authentication without terminating existing sessio…