OSCommerce Session Fixation Vulnerability






There is a flaw in the way OSCommerce handles sessions.

When a client visits an OSCommerce web page, the server sends a cookie. That cookie will be the session cookie for every further request. Thus, once the user is logged in, the cookie is used to authenticate the user.

When logging in (without cookies), the URL will look something like http://myserver/myapp/index.php?oscid=sometext

An attacker can send a crafted link such as http://myserver/myapp/index.php?oscid=arbitrarysession. If the admin/user follows the link and logs in, his cookie will still be arbitrarysession. Thus, the attacker can hijack the session because he set the cookie.
P.S. Thanks to the whole TeaM Random (www.etsmtl.ca) for this bug. 
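
The behaviour described above, and the usual fix for it, modelled as an added example (a Python toy model written for this page, not OSCommerce code). The SessionServer class, its methods and the replay_fixed_id helper are hypothetical names; only the oscid parameter and the arbitrarysession value come from the advisory.

```python
import secrets


class SessionServer:
    """Toy model of a server whose session id may arrive in the URL (oscid)."""

    def __init__(self, hardened):
        self.hardened = hardened
        self.sessions = {}  # session id -> {"user": name or None}

    def _new_session(self):
        sid = secrets.token_hex(16)  # server-generated, unpredictable id
        self.sessions[sid] = {"user": None}
        return sid

    def visit(self, oscid=None):
        """Handle a page request; return the session id the client ends up with."""
        if oscid in self.sessions:
            return oscid  # id the server already knows: keep using it
        if oscid is not None and not self.hardened:
            # The flaw: an id chosen by whoever wrote the link is adopted as-is.
            self.sessions[oscid] = {"user": None}
            return oscid
        return self._new_session()  # hardened: unknown ids are discarded

    def login(self, sid, user):
        """Authenticate the session; return the id that is valid afterwards."""
        if self.hardened:
            self.sessions.pop(sid, None)  # invalidate the pre-login id
            sid = self._new_session()     # fresh id at the privilege change
        self.sessions[sid]["user"] = user
        return sid

    def whoami(self, sid):
        return self.sessions.get(sid, {}).get("user")


def replay_fixed_id(server, fixed_id):
    """A user follows a link carrying fixed_id and logs in.

    Returns (user seen under fixed_id, user seen under the user's own id).
    """
    user_sid = server.visit(oscid=fixed_id)
    user_sid = server.login(user_sid, "admin")
    return server.whoami(fixed_id), server.whoami(user_sid)
```

In the vulnerable mode the id from the link still maps to the logged-in user after login; in the hardened mode it maps to nobody, even when the id was one the server had issued earlier. In PHP the corresponding step is calling session_regenerate_id(true) right after a successful login.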