prasathmani / tinyfilemanager

Single-file PHP file manager, browser and manage your files efficiently and easily with tinyfilemanager
https://tinyfilemanager.github.io
GNU General Public License v3.0
4.88k stars 1.66k forks

Session Fixation in all versions of FileManager #1099

Open whitej3rry opened 11 months ago

whitej3rry commented 11 months ago

Hi @prasathmani,

Hope you are doing good. I have discovered a Session Fixation Vulnerability in all versions including the latest. Following are the steps to reproduce:

  1. Login to filemanager.
  2. Intercept the response and change the cookie to any 26 character string, e.g. "ThisIsDefinatelyIncorectId" or "aaaaaabbbbbbddddddeeeeeerr".
  3. Forward the response to the browser.
  4. Logout from the filemanager.
  5. The Session ID you provided is still valid.

Hope the issue will be resolved in the next release.

Thanks and Regards, Dani
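The behaviour reported above (an arbitrary, well-formed cookie value accepted as a session, and still valid after logout) is what PHP's default session handling permits unless the application rejects unissued IDs, rotates the ID on login and destroys the session on logout. The following is an added illustration of that hardened pattern; it is not tinyfilemanager's code, and `check_credentials()` is a hypothetical helper standing in for the application's own authentication.

```php
<?php
// Added example (not tinyfilemanager's code): session handling hardened
// against fixation. check_credentials() is hypothetical.

// Strict mode makes PHP refuse session IDs it did not generate itself.
// Without it, any syntactically valid ID presented in the cookie is
// accepted and a new session is created under that attacker-chosen ID.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Strict');
session_start();

function check_credentials(string $user, string $pass): bool
{
    // Hypothetical: a real application loads a stored password_hash()
    // value; the hash is constructed here only to keep the example runnable.
    $storedHash = password_hash('example-only-password', PASSWORD_DEFAULT);
    return $user === 'admin' && password_verify($pass, $storedHash);
}

function login(string $user, string $pass): bool
{
    if (!check_credentials($user, $pass)) {
        return false;
    }
    // Issue a fresh ID after a successful login and delete the old session
    // file (true), so the ID the client arrived with is no longer valid.
    session_regenerate_id(true);
    $_SESSION['logged_in'] = true;
    $_SESSION['user'] = $user;
    return true;
}

function logout(): void
{
    // Clear server-side state, expire the cookie, and destroy the session
    // so the same ID cannot be presented again after logout.
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

// Minimal dispatcher so the file can be exercised end to end.
$action = $_POST['action'] ?? '';
if ($action === 'login') {
    echo login($_POST['user'] ?? '', $_POST['pass'] ?? '') ? 'ok' : 'denied';
} elseif ($action === 'logout') {
    logout();
    echo 'logged out';
}
```

With `session.use_strict_mode` enabled, step 2 of the report fails outright: the forged 26-character ID is discarded and PHP issues its own, and after `logout()` the destroyed ID is likewise rejected.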

whitej3rry commented 9 months ago

Hi @prasathmani, Hope you are doing good. Do you have plans to fix this in an upcoming release?

prasathmani commented 9 months ago

@whitej3rry, Thank you for reporting. Will fix it in a future release.