PHP Sessions
Theory
If the website uses PHP sessions (PHPSESSID), we may poison cookies and include the session through LFI.
Practice
First we should find where the sessions are stored, for example
Second, display a PHPSESSID
to see if any parameter is reflected inside:
In this case, we can inject some PHP code in the reflected parameter in the session.
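From the defender's side, the same condition (request data reflected into a session file that an include can later reach) can be checked by scanning stored session files for PHP open tags. The following is an added example, not code from the original page; it assumes the default `php` session serialize handler, and the function names and sample data are constructed for illustration.

```python
import re

PHP_TAG = re.compile(rb"<\?(?:php|=)", re.I)

def _skip_value(buf, pos, key, hits):
    """Parse one serialized value at pos; return the offset just past it."""
    t = buf[pos:pos + 1]
    if t == b"N":                                  # N;
        return pos + 2
    if t in (b"i", b"b", b"d"):                    # i:42;  b:1;  d:0.5;
        return buf.index(b";", pos) + 1
    if t not in (b"s", b"a"):
        raise ValueError("unsupported type %r" % t)
    colon = buf.index(b":", pos + 2)
    n = int(buf[pos + 2:colon])
    if t == b"s":                                  # s:<byte len>:"<bytes>";
        data = buf[colon + 2:colon + 2 + n]
        if PHP_TAG.search(data):
            hits.append((key, data.decode("latin-1")))
        return colon + 2 + n + 2
    pos = colon + 2                                # a:<count>:{ key value ... }
    for _ in range(2 * n):
        pos = _skip_value(buf, pos, key, hits)
    return pos + 1                                 # step over the closing brace

def scan_session(buf):
    """Return (top-level key, value) pairs whose string data holds a PHP open tag."""
    hits, pos = [], 0
    try:
        while pos < len(buf):
            bar = buf.index(b"|", pos)
            key = buf[pos:bar].decode("latin-1")
            pos = _skip_value(buf, bar + 1, key, hits)
    except ValueError:                             # objects or truncation: raw match instead
        return [("<unparsed>", "")] if PHP_TAG.search(buf) else []
    return hits

def _s(v):
    """Build a serialized PHP string for the constructed samples below."""
    return b's:%d:"%s";' % (len(v), v)

# Constructed sample session contents (not taken from the page).
POISONED = (b"user|" + _s(b"alice") + b"lang|" + _s(b"<?php /* constructed marker */ ?>")
            + b"cart|a:1:{i:0;" + _s(b"book") + b"}")
CLEAN = b"user|" + _s(b"alice") + b"visits|i:3;"

if __name__ == "__main__":
    print(scan_session(POISONED), scan_session(CLEAN))
```

A hit names the session key that carried the tag, which points at the request parameter the application stores without validation.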