Ainur Shakirov, 2016-07-24 17:58:58
PHP

What is the name of this (ahem .. strange) SESSION?

I came across a CMS that contains this:
$_SESSION['__var'] = 'value';
And value is a piece of an SQL query. It is read from the session and added to the main request. Just the perfect hole for SQL injection, I thought, and went into the session in Chrome, but there is only PHPSESSID. This entry doesn't exist there. But it works. How so? Does the browser hide sessions with underscores, or are such records somehow stored only on the server side?

1 answer(s)
Alexander Popov, 2016-07-24
@Fqyeh29

Don't confuse sessions with cookies. The session files are stored on the PHP server; the browser only stores the session id. SQL cannot be fixed directly on the client.
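
Added example, not part of the original answer and not code from the CMS in the question: a PHP CLI script that writes the same `$_SESSION['__var']` entry and prints what the browser would receive next to what stays on the server. It assumes PHP 7 or later with the default `files` save handler and default `php` serialize handler; the temporary directory name is constructed for the demo.

```php
<?php
// Added example. Run from the command line: php session_demo.php
// Assumption: default "files" session save handler and "php" serialize handler.

// Keep the demo self-contained: put session files in a private temp directory.
$dir = sys_get_temp_dir() . '/sess_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
ini_set('session.save_path', $dir);
// The CLI has no browser, so do not try to send a cookie; we print
// what the cookie would contain instead.
ini_set('session.use_cookies', '0');

session_start();
$_SESSION['__var'] = 'value';   // same shape as the entry in the question
$name = session_name();         // "PHPSESSID" by default
$id   = session_id();           // random identifier generated by PHP
session_write_close();          // flush $_SESSION to the server-side store

// 1. What the browser is given: the session name and id, nothing else.
echo "Cookie seen in the browser: {$name}={$id}\n";

// 2. What stays on the server: a file named after the id holding the data.
$file = $dir . '/sess_' . $id;
echo "Server-side session file:   {$file}\n";
echo "File contents:              " . file_get_contents($file) . "\n";

// 3. The key '__var' never appears in anything sent to the client.
var_dump(strpos("{$name}={$id}", '__var'));   // bool(false)

// Clean up the demo files.
unlink($file);
rmdir($dir);
```

The session value cannot be edited from the browser, but it is only as trustworthy as the server code that wrote it into the session in the first place.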