Potential Session security vulnerability.

#1
[eluser]Lewis[/eluser]
I've not tried it, but I'm pretty sure that there is a security vulnerability in the sessions library. It unserializes untrusted data when cookie encryption is disabled. You should *never* unserialize untrusted data as there are a number of different memory and code hacks that can be performed. Luckily encoding is on by default so most of you should be Ok.

Also, whilst I'm at it:

Code:
if (strtolower($this->CI->config->item('time_reference')) == 'gmt')
        {
            $now = time();
            $this->now = mktime(gmdate("H", $now), gmdate("i", $now), gmdate("s", $now), gmdate("m", $now), gmdate("d", $now), gmdate("Y", $now));
    
            if (strlen($this->now) < 10)
            {
                $this->now = time();
                log_message('error', 'The session class could not set a proper GMT timestamp so the local time() value was used.');
            }
        }
        else
        {
            $this->now = time();
        }

The unix timestamp is in taken in GMT, so that's completely useless.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.