Wednesday, 29 February 2012

ATTACKING SESSION MANAGEMENT


The session management mechanism is a fundamental security component in the majority of web applications. It is what enables the application to uniquely identify a given user across a number of different requests, and to handle the data that it accumulates about the state of that user's interaction with the application. Where an application implements login functionality, session management is of particular importance, as it is what enables the application to persist its assurance of any given user's identity beyond the request in which they supply their credentials.

Now I'll show you how to attack session management in a web application and perform some privilege escalation on it.