OWASP / www-community

OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.

Home Page: https://owasp.org/www-community/

Question regarding the examples

lucapivato opened this issue · comments

https://owasp.org/www-community/attacks/Session_fixation

Example 2:

http://website.kom/<script>document.cookie=”sessionid=abcd”;</script>

Example 3:

http://website.kon/<meta http-equiv=Set-Cookie content=”sessionid=abcd”>

Are these serious examples?

Well, as you can tell from the big yellow banner, that content was auto-migrated and not yet reviewed.

Looking at https://wiki.owasp.org/index.php?title=Session_fixation&action=history it seems this hadn't been edited since 2014.

Given the difficult English and lack of consistency in domain names, etc., I would guess that it's a community contribution that not much thought was put into and was never reviewed. While the examples might have been realistic in the early 2000s (even that's a stretch), I'd agree they definitely aren't now.

Feel free to submit a PR revising the entire page. (Source: https://github.com/OWASP/www-community/blob/master/pages/attacks/Session_fixation.md)