Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Bluffing a session value

Status
Not open for further replies.
MikeGarde

MikeGarde

IS-IT--Management
Aug 31, 2003
4
US
I am setting up a forum for students at a school and to save my unpaid time I decided to look at some of the free prepackaged forums available. I decided on
I know, I know, there is no reason to give me shit about it. When I get some time I am going to develop my own, but that’s not why you are reading this.

My concern with the system is this:
The authentication process for administrators and moderators appears good; however it requires only one variable to gain access to some administrator functions,

For example if the user is logged out and value A is placed into variable B inside the users session cookie then he can access administrator featured including taking the forum offline or displaying previously hidden user data.

Now as far I am aware this value must be placed into the user’s web browser by the server. But I am assuming that someone is aware of a way to bluff this.

What I am looking for is a Hack that can place a given value into a given variable, bluffing the browser into believing that it is the website.

Once this value is loaded that person would have the access I explained above.

If a program that is capable of this does not exist then I have no concern. But I can only assume that it does, it just seems too simple.

Thanks in advance for any help
 
Sort by date Sort by votes
It depends on the value that is needed to enable admin access.

If it is something trivial like
Code: 
admin=yes
Then gaining access will be trivial.

If on the other hand, the server generates a session key which is valid once only, along the lines of say
Code: 
admin=35a6507dcee725e3adbcc867e67e8446
Then any "hacker" will need to be a lot more inventive.
 
Upvote 0 Downvote
Well it just-as-well use "yes" because the number it uses is not generated

Session(strCookieURL & "Approval") = "256697926329"

strCookie is a variable that gets the path info
the output looks like this:
/scad/Approval : and then the above value

This is a session variable that it gives every user that successfully loges in as an Administrator or System Moderator. This key gives them access to the administrator functions of the system. Nothing is random about it. Hence my concern.

Ohh, and I didn’t mention it above, the programming is done in ASP

Thanks again.
 
Upvote 0 Downvote
sorry, just for clarification, /scad/Approval it may be easier to read

/somefolder/Approval
 
Upvote 0 Downvote
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Sameer258
  • Locked
  • Question
Need Help to Find ip and mac address with email who one open my email
Replies
0
Views
301
Sameer258
Sameer258
Sparrow4
  • Locked
  • Question
AnyConnect + Azure + SAML
Replies
0
Views
256
Sparrow4
Sparrow4
quar
  • Locked
  • Question
Moving a rule
Replies
2
Views
169
iggsterman
iggsterman
quar
  • Locked
  • Question
Moving a rule
Replies
0
Views
62
quar
quar
Sparrow4
  • Locked
  • Question
Configure Avaya IPO R11 / VM Pro + Office365 or Exchange for voicemail to email
Replies
2
Views
317
Johnkite
Johnkite

Part and Inventory Search

Sponsor

Back
Top