Get a demo
AppSec with Zero Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

PHP session.use_trans_sid Is Enabled

Severity: Medium
Summary#

Invicti detected that the session.use_trans_sid is enabled.

Impact#

When session.use_trans_sid is enabled, PHP will pass the session ID via the URL.

By using this vulnerability, an attacker can:

  • perform session hijacking attack
  • manipulate sensitive information
  • leak sensitive information
  • gain administrator access to the web application
Actions To Take#

To disable session.use_trans_sid, you can set it to 'off' in the php.ini configuration file or alternatively in .htaccess.

  • php.ini: 
    register_globals = 'off'
  • .htaccess: 
    php_flag register_globals off
Classifications#
, , ,

Select Category

OR

Search Vulnerability

Related Vulnerabilities

Related Articles

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works