Achim,

On Mon, Nov 23, 2009 at 6:02 PM, Achim Hoffmann <a...@securenet.de> wrote:
> !!     - Append the cookie parameter to the URL:
> !!         * /the/url/?id=1&PHPSESSID=w3af-session-fixation
> !!         * /the/url/?id=1&FOOBAR=w3af-session-fixation
>
> Hi Andres,
>
> Session Fixation can be done in more than just this way. For example:
>
>  * /the/url;jsessionid=w3af-session-fixation/?id=1
>  * /the;jsessionid=w3af-session-fixation/url/?id=1

Are these the same as "/the/url/?id=1;jsessionid=w3af-session-fixation" ?

>  * /the(w3af-session-fixation)/url/?id=1

hmmm, is mod_rewrite enabled here?

>  * /the/url/?id=1
>    Cookie: JSESSIONID=w3af-session-fixation

Ok, this one I missed completely and should be implemented in the plugin,

Cheers,

> Happy coding
> Achim
>
> --

Andrés Riancho
Founder, Bonsai - Information Security
http://www.bonsai-sec.com/
http://w3af.sf.net/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
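An added example, not part of the original thread and not w3af's code: a log-review helper that reports which of the carriers listed in this thread (query parameter, path parameter, parenthesised path segment, Cookie header) a request uses for a session identifier. The function name, the `SESSION_NAMES` set and the parenthesised-segment heuristic are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed identifier names; extend with the ones your own applications use.
SESSION_NAMES = {"phpsessid", "jsessionid"}


def session_id_carriers(url, cookie_header=""):
    """Return sorted (carrier, name, value) tuples for each place a request carries a session id."""
    parts = urlsplit(url)
    found = set()
    for segment in parts.path.split("/"):
        # Path parameters: ";name=value" attached to any path segment.
        _, *params = segment.split(";")
        for param in params:
            name, _, value = param.partition("=")
            if name.lower() in SESSION_NAMES:
                found.add(("path-param", name, value))
        # Heuristic (assumption): a parenthesised token inside a segment.
        match = re.search(r"\(([^()]+)\)", segment)
        if match:
            found.add(("path-paren", "", match.group(1)))
    # Query string: accept both "&" and ";" as pair separators.
    for pair in re.split(r"[&;]", parts.query):
        name, _, value = pair.partition("=")
        if name.lower() in SESSION_NAMES:
            found.add(("query", name, value))
    # Cookie request header: "name=value; name=value".
    for pair in cookie_header.split(";"):
        name, _, value = pair.strip().partition("=")
        if name.lower() in SESSION_NAMES:
            found.add(("cookie", name, value))
    return sorted(found)


if __name__ == "__main__":
    # Constructed sample requests built from the URL shapes quoted in the thread.
    samples = [
        ("/the/url/?id=1&PHPSESSID=w3af-session-fixation", ""),
        ("/the/url;jsessionid=w3af-session-fixation/?id=1", ""),
        ("/the;jsessionid=w3af-session-fixation/url/?id=1", ""),
        ("/the/url/?id=1;jsessionid=w3af-session-fixation", ""),
        ("/the(w3af-session-fixation)/url/?id=1", ""),
        ("/the/url/?id=1", "JSESSIONID=w3af-session-fixation"),
    ]
    for url, cookie in samples:
        print(url, cookie or "-", session_id_carriers(url, cookie))
```

The path-parameter and semicolon-in-query forms are reported as different carriers (`path-param` versus `query`), and a parameter name outside `SESSION_NAMES`, such as `FOOBAR`, is not reported at all.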