Session ID Security Hole [Installation Troubleshooting]

XOOPS

Forum

Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk

Session ID Security Hole

2004/10/30 7:57
tvepsorg
Quite a regular
Posts: 276
Since: 2004/5/18

I am using one of the later versions of XOOPS and I (Like an idiot) posted a link with a session id on the end and someone was able to get into my site. Luckily they didn't do anything mallicious, but that's still a huge hole. Other than no posting links like that (/me feels stupid already) how can I prevent this?

Re: Session ID Security Hole

2004/10/30 9:03
Mithrandir
XOOPS is my life!
Posts: 6320
Since: 2003/6/21

http://www.php.net/manual/en/ref.session.php

Login

Username

Password

Remember me

Search

Advanced Search

Donat-O-Meter

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}

{{ record.commit.author.name }} {{ record.commit.author.date | formatDate }}

Session ID Security Hole

Re: Session ID Security Hole

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}