This blog is all about Cyber Security and IT

Session Fixation Via Cookie Value


The application does not set a new session ID in the cookie after what appears to be an authentication attempt by the user. If this was a successful login and the session IDs are stored in cookies, then this application is affected by a Session Fixation vulnerability.

To reproduce this vulnerability, use Chrome with the EditThisCookie add-on.

To perform the steps:

1. Download the EditThisCookie extension for Google Chrome.
2. Now open the application and log in.
3. Go to the EditThisCookie add-on and click export all cookies. This copies the cookies to the clipboard.
4. Log out of your account.
5. If needed, you can close and reopen your browser.
6. Now go to the application again but don't log in. Simply go to the EditThisCookie add-on, click import a cookie, and paste the data that was previously exported.
7. After pasting, just refresh the page. You are now logged into your account without login details.


1. Anyone can easily hijack a victim's or user's session and get into his account.
2. Cookie stealing is the best way for the hacker to get in, and it would not take more than 5 minutes to steal someone's cookie using PHP and the like.
3. Even friends can fool the victim and get him hacked.


Manage sessions properly. This problem mainly occurs because the session doesn't expire or isn't closed on the server when logout is pressed. Each time the user logs in, the cookie must hold a unique, different session ID.
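One way to implement and check this fix, as an added example that is not part of the original post: a constructed in-memory session store that issues a fresh ID at login and destroys it server-side at logout, with the weak settings selectable for comparison. `SessionStore`, `audit` and the user name are hypothetical names chosen for illustration.

```python
import secrets

class SessionStore:
    """In-memory server-side session table (constructed for this example)."""
    def __init__(self, rotate_on_login=True, destroy_on_logout=True):
        self.sessions = {}  # session id -> username (None = anonymous)
        self.rotate_on_login = rotate_on_login
        self.destroy_on_logout = destroy_on_logout

    def new_anonymous(self):
        sid = secrets.token_urlsafe(32)  # unpredictable id from the OS CSPRNG
        self.sessions[sid] = None
        return sid

    def login(self, sid, user):
        """Return the session id the cookie must carry after authentication."""
        if self.rotate_on_login:
            self.sessions.pop(sid, None)     # retire the pre-login id
            sid = secrets.token_urlsafe(32)  # fresh id for the authenticated session
        self.sessions[sid] = user
        return sid

    def logout(self, sid):
        """Weak variant leaves the id valid; only the browser cookie would be cleared."""
        if self.destroy_on_logout:
            self.sessions.pop(sid, None)     # server forgets the id

    def whoami(self, sid):
        return self.sessions.get(sid)


def audit(store, user="alice"):
    """Replay the test steps from this page and list the checks the store fails."""
    pre = store.new_anonymous()    # cookie value held before login
    post = store.login(pre, user)  # log in
    exported = post                # cookie value exported while logged in
    store.logout(post)             # log out
    findings = []
    if post == pre:
        findings.append("session id not rotated at login")
    if store.whoami(exported) == user:  # re-import the cookie and refresh
        findings.append("exported cookie still valid after logout")
    return findings
```

An empty list from `audit` means both parts of the fix hold: the cookie value changes at login, and the exported value no longer authenticates after logout.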

Example Report:

