Re: Invision Power Board v2.1.4 - session hijacking

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Invision Power Board v2.1.4 - session hijacking
From: Peter Conrad <conrad@xxxxxxxxx>
Date: Thu, 16 Mar 2006 09:36:11 +0100
In-reply-to: <2C8DD899-4C21-43C9-9FC0-EFC871151659@xxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mail-followup-to: bugtraq@xxxxxxxxxxxxxxxxx
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <2C8DD899-4C21-43C9-9FC0-EFC871151659@xxxxxxxxx>
User-agent: Mutt/1.5.9i

Hi,

On Tue, Mar 14, 2006 at 07:32:16PM +0100, Hans Wolters wrote:
> 
> Once you visit a site where Invision Board is used the first click on  
> the Log In link points the visitor to a link with the session id in it:
> 
> index.php?s=<session_id>&act=Login&CODE=00
> 
> If you copy this session id, login and start a different browser (not  
> a new instance) then you only need to copy the session id url into  
> the different browser to login without giving the password and login  
> name.

so you're saying that you can hijack a user's session if you have access
to his session id? Well, that's not a vulnerability, that's how HTTP
sessions work.

Bye,
        Peter
-- 
Peter Conrad                        Tel: +49 6102 / 80 99 072
[ t]ivano Software GmbH             Fax: +49 6102 / 80 99 071
Bahnhofstr. 18                      http://www.tivano.de/
63263 Neu-Isenburg

Germany

References:
- Invision Power Board v2.1.4 - session hijacking
  - From: Hans Wolters

Prev by Date: [SECURITY] [DSA 1004-1] New vlc packages fix arbitrary code execution
Next by Date: Re: Invision Power Board v2.1.4 - session hijacking
Previous by thread: Invision Power Board v2.1.4 - session hijacking
Next by thread: Re: Invision Power Board v2.1.4 - session hijacking
Index(es):
- Date
- Thread