DVWA Exercises 7

14 Weak Session ID

Again, I'll set up Burp to intercept the HTTP GET request.

I'll use the Repeater module and send the same request several times. As we can see on the right side, the cookie dvwaSession increases by one every time!

An attacker could easily guess another user's session ID and try to hijack that session.
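
The same observation as a repeatable audit check, next to a hardened generator. This is an added example, not part of the original write-up. The function names, the constructed Set-Cookie sample and the 22-character threshold are assumptions made for illustration.

```python
import secrets
from http.cookies import SimpleCookie

# Constructed sample: Set-Cookie values as seen on four consecutive responses.
OBSERVED = [
    "dvwaSession=1; path=/",
    "dvwaSession=2; path=/",
    "dvwaSession=3; path=/",
    "dvwaSession=4; path=/",
]

def extract_ids(set_cookie_headers, name="dvwaSession"):
    """Return the values of one cookie from a list of Set-Cookie header values."""
    ids = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)
        if name in jar:
            ids.append(jar[name].value)
    return ids

def assess(ids):
    """Classify a sample of session IDs collected from consecutive responses."""
    if len(ids) < 3:
        return "insufficient sample"
    if len(set(ids)) < len(ids):
        return "weak: repeated values"
    if all(v.isdigit() for v in ids):
        nums = [int(v) for v in ids]
        steps = {b - a for a, b in zip(nums, nums[1:])}
        if len(steps) == 1:
            # Every ID differs from the previous one by the same amount.
            return f"weak: constant step {steps.pop()}"
    if min(len(v) for v in ids) < 22:
        # Assumed floor: 22 base64url characters, i.e. 128 bits of token.
        return "weak: too short"
    return "no obvious pattern"

def new_session_id():
    """Hardened generator: 128 bits from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(16)

if __name__ == "__main__":
    print(assess(extract_ids(OBSERVED)))
    print(assess([new_session_id() for _ in range(5)]))
```

A "no obvious pattern" result only means these simple heuristics found nothing; it is not proof that the IDs are unpredictable.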
