Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /home/content/51/12486951/html/kurinchilamp/wp-content/plugins/statpress-reloaded/statpress.php on line 1786

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/51/12486951/html/kurinchilamp/wp-content/plugins/statpress-reloaded/statpress.php on line 1786

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /home/content/51/12486951/html/kurinchilamp/wp-content/plugins/statpress-reloaded/statpress.php on line 1786

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/51/12486951/html/kurinchilamp/wp-content/plugins/statpress-reloaded/statpress.php on line 1786

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /home/content/51/12486951/html/kurinchilamp/wp-content/plugins/statpress-reloaded/statpress.php on line 1786

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/51/12486951/html/kurinchilamp/wp-content/plugins/statpress-reloaded/statpress.php on line 1786

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /home/content/51/12486951/html/kurinchilamp/wp-content/plugins/statpress-reloaded/statpress.php on line 1786

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/51/12486951/html/kurinchilamp/wp-content/plugins/statpress-reloaded/statpress.php on line 1786

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /home/content/51/12486951/html/kurinchilamp/wp-content/plugins/statpress-reloaded/statpress.php on line 1786

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/51/12486951/html/kurinchilamp/wp-content/plugins/statpress-reloaded/statpress.php on line 1786

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2) in /home/content/51/12486951/html/kurinchilamp/wp-content/plugins/statpress-reloaded/statpress.php on line 1786

Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in /home/content/51/12486951/html/kurinchilamp/wp-content/plugins/statpress-reloaded/statpress.php on line 1786
Kurinchi Blogger Scribbles … » Blog Archive » Session Poisoning, Cookie Poisoning

Session Poisoning, Cookie Poisoning

Session poisoning or Session Pollution is a term used to refer to security exploit when an invalidated input is assigned to session variables which then gets carried over to other pages opening the supposed to be secured pages to outside world.

It can also refer to a state when more than one application shares the same session variable which when modified without necessary validation causes a race condition.

There is a possibility for an attack or a session hijack when the external agent gets control over the session variable used by victim on the server. Both the agent and the victim needs to have access on the same server for such attacks to take place.

When the same scenario happens on the cookie variables, it is called cookie poisoning.

Precaution to avoid such hijacks are to validate each condition if a cookie or a session is shared or if values are assigned to session or cookies. In such cases, it is also advisable to use a secured transaction path to avoid such attacks.

Share

Written by kurinchilamp


Website: http://

Leave a Reply

Your email address will not be published. Required fields are marked *

Read previous post:
How to hide Apache version, Modules loaded, PHP Version?

It is often advisable not to disclose information than is necessary when web request are made to Apache server. By...

Close