Security: what could go wrong if users can name session variables?

So, I just found some super-disturbing code at the same time in some classic ASP code, as well as in PHP.

Classic ASP:

Dim id
id = Request.Form("id")
Session(id) = id

PHP:

$_SESSION[$_GET["id"]] = $_GET["id"];

So what could go wrong here? Note that I will delete them and use the best workflow.

EDIT: The obvious problems could be SQLi, XSS, and overwriting existing and required session variables. I really don't know how these languages work internally when working with session variables.

EDIT 2: I am not interested in the values of the session variables so much as in the fact that I can name them. Just curious if there is anything crazy you could do with arbitrary variable names.

+5
1 answer

I can set any number of session variables - say a1, a2, a3, a4 and so on. Is this some kind of attack vector? A memory attack...

If you use these session variables in a MySQL query, this is a classic case of SQL injection (not a big threat in this case, if you have proper security).

As mentioned in the comment, if you repeat the session variable, there is the possibility of XSS (cross-site injection).

If you use it in a form, there are attacks like CSRF and a lot of other things.

Why use $_SESSION[$_GET['var']] when there are a million other possible things :-)

+3
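To make the "overwriting existing and required session variables" point concrete, here is an added example (not code from the question or the answer above) that runs the vulnerable PHP pattern against a constructed session state and then shows one hardened alternative. The session is simulated with a plain array so it runs from the CLI; the allowlist, the user_prefs namespace and the key names are assumptions for the demonstration.

```php
<?php
// Added example, not from the original post. Shows why letting a request
// parameter choose the $_SESSION key is dangerous, and one safe pattern.
// A plain array stands in for $_SESSION so this runs with `php example.php`;
// with a real session you would call session_start() and pass $_SESSION.
declare(strict_types=1);

// Vulnerable pattern from the question: the key is attacker-controlled.
function storeVulnerable(array &$session, string $id): void
{
    $session[$id] = $id;
}

// Hardened pattern (assumed design): only keys from a fixed allowlist are
// accepted, and user-chosen data lives under its own namespace so it can
// never collide with keys the application itself relies on.
const ALLOWED_KEYS = ['selected_tab', 'sort_order'];

function storeSafe(array &$session, string $key, string $value): bool
{
    if (!in_array($key, ALLOWED_KEYS, true)) {
        return false; // unknown name: reject instead of trusting the request
    }
    $session['user_prefs'][$key] = $value;
    return true;
}

// Constructed session state as the application would set it after login.
$session = ['user_id' => 42, 'is_admin' => false];

// A request with id=is_admin: the vulnerable code replaces the privilege
// flag with the non-empty string "is_admin", which is truthy in PHP.
storeVulnerable($session, 'is_admin');
var_dump($session['is_admin']);         // string(8) "is_admin"
var_dump((bool) $session['is_admin']);  // bool(true): a naive check now passes

// Same hostile input against the hardened version.
$session = ['user_id' => 42, 'is_admin' => false];
var_dump(storeSafe($session, 'is_admin', 'x'));      // bool(false): rejected
var_dump(storeSafe($session, 'sort_order', 'desc')); // bool(true): allowed key
var_dump($session['is_admin']);                      // bool(false): untouched
print_r($session);
```

Any key the application reads back for authorization (user_id, is_admin, CSRF token, login state) is reachable with the vulnerable pattern, which is why the fix is an allowlist of names plus a separate namespace rather than escaping the value.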

Source: https://habr.com/ru/post/1233193/