this is only for educational purpose.
how to gain admin privilege via session cookie
if these techniques are useless
cookie poisoning attack
cookie injection attack
session fixation attack
cookie hijacking attack
????
this is only for educational purpose.
how to gain admin privilege via session cookie
if these techniques are useless
cookie poisoning attack
cookie injection attack
session fixation attack
cookie hijacking attack
????
Just set an index in your session array:
$_SESSION['isadmin'] = 1;
Another thing you can do is use your session data to query the db.
$mysqliobject->query("SELECT user_role FROM a_table WHERE user_name = {$_SESSION['username']}");
To avoid the attacks, make sure you sanitize anything you get from cookies...
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.