SessionId Prediction - Classic ASP - Tool?
- From: "Jay" <jay.tomas@xxxxxxxxxxxxxxx>
- Date: Fri, 22 Feb 2008 11:36:11 -0500
Have read several articles on classic .asp saying that it's possible to predict the session ID. Has anyone had any practical experience with this or know of a tool that can assist with this?
From an article,
"The session ID is a read-only value that uniquely identifies the current clients to the Web server. In classic ASP, session IDs are assigned in a sequential manner - the session ID 706616433 is followed by the session ID 706616434, and so on. The classic ASP session ID is stored on the client's machine in the form of an encrypted nonpersistent cookie. For example, the session ID 706616434 would be stored on the client machine as the cookie ASPSESSIONIDGQQGQGCS=JHMBOBKCBINEHLPKJHOPABBE." - Edmond Woychowsky
How is it known that 706616434 equates to ASPSESSIONIDGQQGQGCS=JHMBOBKCBINEHLPKJHOPABBE?
Any advice or tool suggestions would be appreciated.
Jay