|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Marc Ouwerkerk (olderchurch
gmail.com)
Date: Wed Jul 01 2009 - 09:50:53 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
pUm is right. You can download the code form Cake and see for
yourself. In cake\libs\session.php you will see the following check:
if ((Configure::read('Session.checkAgent') === false ||
$this->_userAgent == $this->read('Config.userAgent')) && $this->time
<= $this->read('Config.time')) {
Hope this helps
Cheers,
Marc
On Wed, Jul 1, 2009 at 4:00 PM, pUm<hijackagooglemail.com> wrote:
> just a gues,
> but try to fake the user agent. something in the http header must be
> part of the cookie auth. so try them all and then reduce. My guess is
> that it is the user-agent
>
> 2009/7/1 Juan Kinunt <kinuntgmail.com>:
>> Hi,
>>
>> I'm auditing a web application programmed in CakePHP and I'm having a problem.
>> I'm almost sure the authentication mechanism is carried by a cookie
>> but I'm unable to impersonate another user using its cookie.
>> The probe I do is opening two sessions with two different users (one
>> in internet explorer and one in firefox). Then I copy the cookie
>> belonging to one user and substitute it in a request done by the other
>> user (using WebScarab). The app throws and error and disconnects the
>> validated and legal user.
>> I think that some info is stored in server side about the client who
>> owns each cookie.
>>
>> Is this possible? Is it the normal operation in sessions in CakePHP?
>>
>> Any info or pointer would be very useful.
>>
>> Thanks.
>>
>>
>>
>
>
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]