PHP sessions, public directory and isolation
, by Ajabep
Tags: writeup, vulnerability
Alwaysdata, a hosting company, recently fixed a vulnerability. Indeed, they stored PHP sessions in a shared directory. This allowed an attacker to know PHP sessions ID, without their content, and in which account it has been used.
Read this article →