This advisory details a session fixation vulnerability in PHPShell v2.4, where the session ID is not regenerated upon authentication, potentially allowing attackers to hijack sessions if PHP.INI is configured with session.use_only_cookies=0. The writeup includes technical analysis, exploitation steps, and prerequisites.
Classification
Writeup 95%
Target:
PHPShell v2.4
No auth needed
Prerequisites:
PHP.INI setting session.use_only_cookies=0 · Valid PHPSESSID from an authenticated user