this is only for educational purpose.
how to gain admin privilege via session cookie
if these techniques are useless
cookie poisoning attack
cookie injection attack
session fixation attack
cookie hijacking attack
????
strongard63
0
Light Poster
EvolutionFallen
107
Junior Poster
Just set an index in your session array:
$_SESSION['isadmin'] = 1;
Another thing you can do is use your session data to query the db.
$mysqliobject->query("SELECT user_role FROM a_table WHERE user_name = {$_SESSION['username']}");
To avoid the attacks, make sure you sanitize anything you get from cookies...
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.