The Cache: Technology Expert's Forum
 
*
Welcome, Guest. Please login or register. September 18, 2019, 12:37:51 PM

Login with username, password and session length


Pages: [1]
  Print  
Author Topic: Is it possible to get $_SESSION of remote server ?  (Read 3145 times)
netmktg
Rookie
**
Offline Offline

Posts: 37



View Profile
« on: December 11, 2008, 10:54:45 PM »

This will sound naive...since $_SESSION is part of the server memory, but is it possible to somehow get access to this on a remote server just by using the value of PHPSESSID?

Logged
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #1 on: December 11, 2008, 11:34:27 PM »

man I have no idea what you are asking.

Are you thinking you can somehow get access to a $_SERVER variable from a remote machine? The $_SERVER variable is simply a super global that is created for you (as a PHP script) when <your> instance is working through a script and creating a page. It's not something that you can interrogate from outside.
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
netmktg
Rookie
**
Offline Offline

Posts: 37



View Profile
« Reply #2 on: December 12, 2008, 05:00:04 AM »

Yep, that's exactly what I was asking !!  (http://us3.php.net/session)

I was wondering if there was some covert means which I wasn't aware of .
Logged
vsloathe
vim ftw!
Global Moderator
Lifer
*****
Offline Offline

Posts: 1669



View Profile
« Reply #3 on: December 12, 2008, 12:40:51 PM »

Why would there be? The client machine knows everything it would ever want to know and more about the current session.
Logged

hai
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #4 on: December 12, 2008, 01:43:01 PM »

 Huh?

I would assume that NetM is looking for information that would be specifically in the $_SESSION variable, not cookies/post values etc that would be extended out to the client... and in that case, I'm unaware of any way of forcing a server to puke up the data for you on command...
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
netmktg
Rookie
**
Offline Offline

Posts: 37



View Profile
« Reply #5 on: December 18, 2008, 03:07:44 AM »

Why would there be? The client machine knows everything it would ever want to know and more about the current session.

The client machine doesn't know the value of $_SESSION['captcha_code']   Tongue

Huh?
I would assume that NetM is looking for information that would be specifically in the $_SESSION variable, not cookies/post values etc that would be extended out to the client... and in that case, I'm unaware of any way of forcing a server to puke up the data for you on command...

Yea, Perk...my query was confusing but you did get it right... the client maching does have access to the PHPSESSID and the Cookie...which the server sends to the client. But I was hopeful of accessing all custom vars in $_SESSION. Yes, it would be a big security flaw, but that's what we are all hopeful for  ROFLMAO
Logged
perkiset
Olde World Hacker
Administrator
Lifer
*****
Offline Offline

Posts: 10096



View Profile
« Reply #6 on: December 18, 2008, 06:57:10 AM »

Aha! Now knowing what you're looking for, I can tell you unequivocally that it's behind a wall and you'll not be able to scale it.

Sorry man.
Logged

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
vsloathe
vim ftw!
Global Moderator
Lifer
*****
Offline Offline

Posts: 1669



View Profile
« Reply #7 on: December 18, 2008, 09:42:48 AM »

I also doubt that the captcha code is stored in session.

You have everything you need to figure it out though, the hash.
Logged

hai
netmktg
Rookie
**
Offline Offline

Posts: 37



View Profile
« Reply #8 on: December 18, 2008, 09:50:50 AM »

I also doubt that the captcha code is stored in session.

You have everything you need to figure it out though, the hash.

I was looking at a WP Captcha plugin and it stores the Captcha in $_SESSION and no hash is included alongwith the Captcha img. So, this particular implementation depends solely on the $_SESSION array. No other value is posted alongwith with the Captcha; in addition to scanning the page html I also checked the post request in FF
Logged
Pages: [1]
  Print  
 
Jump to:  

Perkiset's Place Home   Best of The Cache   phpMyIDE: MySQL Stored Procedures, Functions & Triggers
Politics @ Perkiset's   Pinkhat's Perspective   
cache
mart
coder
programmers
ajax
php
javascript
Powered by MySQL Powered by PHP Powered by SMF 1.1.2 | SMF © 2006-2007, Simple Machines LLC
Seo4Smf v0.2 © Webmaster's Talks


Valid XHTML 1.0! Valid CSS!