something about DVWA - Weak Session ID
DVWA
Weak Session ID
Low
源码分析
session id从0开始自增取值。1
2
3
4if (!isset ($_SESSION['last_session_id'])) {
$_SESSION['last_session_id'] = 0;
}
$_SESSION['last_session_id']++;
Medium
源码分析
session id设置为时间。1
$cookie_value = time();
High
源码分析
session id的值设置为从0开始的自增值的md5值。并设置session的 有效期 。1
2
3
4
5
6
7
8
9// 从0开始的自增值
if (!isset ($_SESSION['last_session_id_high'])) {
$_SESSION['last_session_id_high'] = 0;
}
$_SESSION['last_session_id_high']++;
// md5加密值
$cookie_value = md5($_SESSION['last_session_id_high']);
// 设置`session`有效期
setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $_SERVER['HTTP_HOST'], false, false);
Impossible
源码分析
session id的值设置为时间的sha1值。并设置session的 有效期 。1
2$cookie_value = sha1(mt_rand() . time() . "Impossible");
setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $_SERVER['HTTP_HOST'], true, true);