Vulnerability
Improper Session Management.
Description
Improper Session Management can lead to leaking details about the user and leaves the user vulnerable to session hijacking (an attacker can reuse the long-lived session details to impersonate the authenticated user).
Located
Logout Button (logout.inc.php)
HTTP request type
Vulnerable parameter / behaviour
Session Variables & Cookies
Payload / actions for reproduction
The user clicks the logout button
The user is sent to the logout page
The user is not actually logged out: the session cookie and the server-side session data survive (verify by pressing the back button, which still shows the authenticated page)
The session is vulnerable to leaking details to attackers
Code fix
Implement proper session termination
<?php
// Resume the existing session so it can be torn down
session_start();

// Clear all server-side session variables
$_SESSION = array();

// Expire the session cookie in the browser, using the same parameters it was
// set with, so the old session ID is no longer sent back
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}

// Destroy the server-side session record
session_destroy();

// Redirect the logged-out user to the logout page
header("Location: ../logout.php");
exit();
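The fix above only covers the logout step. The back-button check can still appear to "fail" after a correct logout when the browser serves the authenticated page from its cache rather than from the server, and a logout is only meaningful if the login side issues a fresh session ID and protected pages actually check the session on every request. The following is an added example of the complete session lifecycle for a PHP application (login, per-page guard, logout); it is not the project's own code. It assumes PHP 7.3 or later (array form of session_set_cookie_params and setcookie), that `$_SESSION['user_id']` marks a logged-in user, a 30-minute idle limit, and that the redirect target `../logout.php` from the code fix above is correct; the function names are hypothetical.

```php
<?php
// Added example (not the project's code): session lifecycle helpers for a PHP app.
// Assumptions: PHP >= 7.3, $_SESSION['user_id'] marks a logged-in user,
// a 30-minute idle limit, and ../logout.php as the post-logout page.

const IDLE_LIMIT_SECONDS = 1800; // assumed idle timeout

// Start the session with cookie flags that limit what a captured cookie can do.
function start_secure_session(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie: discarded when the browser closes
        'path'     => '/',
        'secure'   => true,     // only sent over HTTPS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Lax',    // not sent on cross-site POST requests
    ]);
    ini_set('session.use_strict_mode', '1'); // reject session IDs the server never issued
    session_start();
}

// Call only after credentials have been verified. The ID is regenerated so the
// pre-login ID (which an attacker could have planted) is not carried over.
function login_user(int $userId): void
{
    start_secure_session();
    session_regenerate_id(true);      // true = delete the old session record
    $_SESSION['user_id']       = $userId;
    $_SESSION['last_activity'] = time();
}

// Guard for protected pages: returns the user ID, or null when not logged in.
// The caller decides how to redirect.
function current_user_id(): ?int
{
    start_secure_session();
    // Authenticated pages must not be served from the browser cache, otherwise
    // the back button shows the old page even after a correct logout.
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Pragma: no-cache');

    if (!isset($_SESSION['user_id'])) {
        return null;
    }
    if (time() - ($_SESSION['last_activity'] ?? 0) > IDLE_LIMIT_SECONDS) {
        logout_user(false);           // idle too long: terminate without redirecting
        return null;
    }
    $_SESSION['last_activity'] = time();
    return (int) $_SESSION['user_id'];
}

// Full termination: server-side variables, the session record, and the browser cookie.
function logout_user(bool $redirect = true): void
{
    start_secure_session();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', [
            'expires'  => time() - 42000,
            'path'     => $p['path'],
            'domain'   => $p['domain'],
            'secure'   => $p['secure'],
            'httponly' => $p['httponly'],
            'samesite' => $p['samesite'] ?? 'Lax',
        ]);
    }
    session_destroy();
    if ($redirect) {
        header('Location: ../logout.php');
        exit();
    }
}
```

Put `current_user_id()` at the top of every protected page and `logout_user()` in logout.inc.php. With `Cache-Control: no-store` in place, pressing the back button after logout makes the browser re-request the page, the guard finds no `user_id`, and the reproduction steps above no longer show the authenticated page; if they still do, the server-side session was not destroyed.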