Summary
Acunetix 360 detected that the session.use_trans_sid
is enabled.
Impact
When session.use_trans_sid
is enabled, PHP will pass the session ID via the URL.
By using this vulnerability, an attacker can:
- perform session hijacking attack
- manipulate sensitive information
- leak sensitive information
- gain administrator access to the web application
Actions To Take
To disable session.use_trans_sid
, you can set it to 'off' in the php.ini
configuration file or alternatively in .htaccess
.
- php.ini:
register_globals = 'off'
- .htaccess:
php_flag register_globals off