Origins
Session poisoning was first discussed as a (potentially new) vulnerability class on the Full Disclosure mailing list. In January 2006, Alla Bezroutchko asked whether "Session data pollution vulnerabilities in web applications" was a new problem. However, this was an old vulnerability previously noted by others: "this is a classic state management issue" - Yvan Boily; "This is not new" - /someone.
Earlier examples of these vulnerabilities can be found in major security resources and archives such as Bugtraq, for example:
- July 2001 Serious security hole in Mambo Site Server version 3.0.X by Ismael Peinado Palomo of reverseonline.com
- September 2005 PHP Session modification by unknow (from uw-team) and adam_i
Session pollution has also been covered in some articles, such as PHP Session Security, Przemek Sobstel, 2007 (accessed September 22, 2007).