Session Poisoning - Origins

Origins

Session poisoning was first discussed as a (potentially new) vulnerability class on the Full Disclosure mailing list. In January 2006, Alla Bezroutchko asked whether "Session data pollution vulnerabilities in web applications" was a new problem. However, this was an old vulnerability previously noted by others: "this is a classic state management issue" - Yvan Boily; "This is not new" - /someone.


Earlier examples of these vulnerabilities can be found in major security resources and archives such as Bugtraq, for example:

  • July 2001: Serious security hole in Mambo Site Server version 3.0.X, by Ismael Peinado Palomo of reverseonline.com
  • September 2005: PHP Session modification, by unknow (from uw-team) and adam_i

Session pollution has also been covered in some articles, such as PHP Session Security, Przemek Sobstel, 2007 (accessed September 22, 2007).
