Security Bug: PHPSESSID in URL allows others to login
Recently, I saw a forum post from a web-league site-admin that had pasted in a URL to another post at a web-league site. When I clicked on it, I found that I was logged in as the site-admin.
This is a huge security flaw, and should be remedied. I suggest either a cross-check that verifies the PHPSESSID and last-known IP Address of the authenticated client, or even better yet, put the PHPSESSID in a POST (and remove it from the GET request) or put it in a cookie if you prefer.
This should be easy to reproduce. I will not be providing the example that I stumbled across because it would exploit the user's account.
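The two mitigations suggested in the report above (session ID carried only in a cookie, plus a cross-check against the client's last-known IP address), sketched as an added example that is not part of the original report or the project's code. The helper names `login_user` and `current_user` are hypothetical, and the array form of `session_set_cookie_params` assumes PHP 7.3 or later and a site served over HTTPS.

```php
<?php
// Added example: hypothetical session bootstrap, not the project's own code.

// Carry the session ID in a cookie only: never read it from, or write it into, a URL.
ini_set('session.use_only_cookies', '1'); // ignore a PHPSESSID passed in the query string
ini_set('session.use_trans_sid', '0');    // do not rewrite links to include the session ID
ini_set('session.use_strict_mode', '1');  // reject session IDs the server did not issue

session_set_cookie_params([
    'lifetime' => 0,      // cookie ends with the browser session
    'path'     => '/',
    'secure'   => true,   // assumption: the site is served over HTTPS
    'httponly' => true,   // keep the cookie out of reach of page scripts
    'samesite' => 'Lax',
]);
session_start();

// Hypothetical helper: call only after the credentials have been verified.
function login_user(int $userId): void
{
    session_regenerate_id(true);  // issue a fresh ID and delete the pre-login session
    $_SESSION['user_id']   = $userId;
    $_SESSION['client_ip'] = $_SERVER['REMOTE_ADDR'] ?? '';
}

// Hypothetical helper: returns the logged-in user id, or null.
// Implements the report's cross-check of session against last-known IP.
function current_user(): ?int
{
    if (!isset($_SESSION['user_id'], $_SESSION['client_ip'])) {
        return null;
    }
    $ip = $_SERVER['REMOTE_ADDR'] ?? '';
    if ($ip === '' || !hash_equals($_SESSION['client_ip'], $ip)) {
        // Same session ID presented from a different address: end the session.
        $_SESSION = [];
        session_destroy();
        return null;
    }
    return (int) $_SESSION['user_id'];
}
```

The IP cross-check also logs out legitimate users whose address changes mid-session (mobile networks, some proxies), so the cookie-only settings are the primary control and the IP check is a secondary one.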
Logged In: YES
user_id=941893
Originator: YES
Here is the original post (edited)
http://silvercat.bzflag.org/forums/index.php?a=topic&t=222&p=1019#p1019