Skip to content

Session Puzzling - Session Variable Overloading

Owasp vuln description: https://owasp.org/www-community/vulnerabilities/Session_Variable_Overloading.

Session Variable Overloading (also known as Session Puzzling, or Temporal Session Race Conditions) is an application level vulnerability which can enable an attacker to perform a variety of malicious actions. This vulnerability occurs when an application uses the same session variable for more than one purpose. An attacker can potentially access pages in an order unanticipated by the developers so that the session variable is set one one context and then used in another.

Demo

From 2011!!!!!!

<iframe width="560" height="315" src="https://www.youtube.com/embed/-DackF8HsIE" frameborder="0" allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>

Tools and payloads

Last update: 2023-12-24
Created: January 17, 2023 17:52:45