This attack involves taking over the victim’s session with the web server after the victim has logged in. It is made possible by weaknesses in the application’s session ID (SID) management: when authenticating a user, the vulnerable application doesn’t assign a new SID, so an existing SID can be used for the attack.
These attacks typically consist of three stages: obtaining a valid SID, tricking the victim into authenticating himself, and using his SID to impersonate him.
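The flaw and its fix side by side, as an added example that is not part of the original page: a constructed in-memory session store in which one login path keeps the pre-login SID and the other issues a new SID at authentication. `SessionStore`, its method names and the user `alice` are assumptions made for illustration.

```python
import secrets


class SessionStore:
    """Minimal in-memory server-side session table (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}  # SID -> session data

    def new_session(self):
        # Anonymous session, as handed out to any visitor before login.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        session = self._sessions.get(sid)
        return session["user"] if session else None

    def login_vulnerable(self, sid, user):
        # Flaw described above: the pre-login SID is kept and simply marked
        # as authenticated, so anyone who knew it beforehand now holds an
        # authenticated session.
        self._sessions[sid]["user"] = user
        return sid

    def login_hardened(self, sid, user):
        # Fix: invalidate the pre-login SID and issue a fresh one at the
        # moment the session's privilege level changes.
        data = self._sessions.pop(sid, {})
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = {**data, "user": user}
        return new_sid


def pre_login_sid_survives(login_name):
    """Return True if a SID issued before login is authenticated afterwards."""
    store = SessionStore()
    known_sid = store.new_session()                  # SID known before login
    getattr(store, login_name)(known_sid, "alice")   # constructed user name
    return store.user_for(known_sid) == "alice"


if __name__ == "__main__":
    print("vulnerable:", pre_login_sid_survives("login_vulnerable"))
    print("hardened:  ", pre_login_sid_survives("login_hardened"))
```

The same check works as a regression test against a real application: record the session cookie before login, authenticate, and assert that the cookie value has changed and the old value no longer maps to a session.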