Ci-Bonefire is another open source application based on CodeIgniter. I've been analyzing applications built on CodeIgniter since I found some weaknesses in CodeIgniter. In this write-up we will see what can cause a failure of code design.
In this write-up we will analyze the No-CMS web application, which is based on CodeIgniter! We will also continue to analyze CodeIgniter itself.
PyroCMS is one of the popular open source CMS applications. It is based on CodeIgniter! You can download it from https://www.pyrocms.com/ or from its GitHub account. I decided to analyze the installation module of PyroCMS, because we've learned that, as an attacker, we can perform object injection attacks if the private key is not private!
CodeIgniter is one of my favorite PHP frameworks. Like everyone else, I learned PHP MVC programming with this framework. Today I decided to analyze CodeIgniter for PHP object injection vulnerabilities.
I'll focus on the session mechanism of CodeIgniter for the rest of this write-up. All methods that I will explain are located in the CodeIgniter/system/libraries/Session.php file. I used the CodeIgniter 2.1 stable release for this research.
CI uses PHP's serialization functions to store variables in the user session. But the CodeIgniter session mechanism does not work the way we expect: it stores session variables in the client's cookie. We would expect CodeIgniter to store session variables on the server side, mostly on disk, instead of in the user's cookie. I don't know why the developers decided on this approach.
The following description is taken from the CodeIgniter documentation.
The Session class stores session information for each user as serialized (and optionally encrypted) data in a cookie. Even if you are not using encrypted sessions, you must set an encryption key in your config file which is used to aid in preventing session data manipulation.
In this write-up we will analyze the possibilities of session data manipulation and related issues.
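To make the design concrete, here is an added example (my own illustration, not CodeIgniter's Session.php and not the author's code) of a minimal cookie-backed session of the kind described above: serialized data lives in the client's cookie, and the configured key is used to detect manipulation. The function names, the placeholder key and the sample session data are assumptions; the point it shows is that an integrity check keyed on the secret has to succeed before the cookie ever reaches unserialize().

```php
<?php
// Added example (not CodeIgniter's own code): a cookie-backed session that
// serializes its data into the cookie, as the documentation above describes,
// and verifies a keyed HMAC before unserialize() so client-side edits fail.
// SESSION_KEY is a placeholder, not a real key; function names are assumed.

const SESSION_KEY = 'replace-with-a-long-random-secret'; // placeholder

// Encode session data for the cookie: serialize, then append an HMAC over the
// serialized blob so any change made on the client side is detectable.
function encode_session(array $data, string $key): string
{
    $payload = serialize($data);
    $mac = hash_hmac('sha256', $payload, $key);
    return base64_encode($payload) . '.' . $mac;
}

// Decode a cookie value. Returns null when the MAC is missing or does not
// match; unserialize() is never reached for a tampered or re-signed cookie.
function decode_session(string $cookie, string $key): ?array
{
    $parts = explode('.', $cookie, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$b64, $mac] = $parts;
    $payload = base64_decode($b64, true); // strict mode: reject invalid input
    if ($payload === false) {
        return null;
    }
    $expected = hash_hmac('sha256', $payload, $key);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;
    }
    // allowed_classes => false: even a correctly signed cookie cannot
    // instantiate arbitrary objects during unserialize().
    $data = unserialize($payload, ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

// --- demonstration on constructed data ---
$cookie = encode_session(['user_id' => 42, 'role' => 'editor'], SESSION_KEY);
var_dump(decode_session($cookie, SESSION_KEY));   // array with user_id and role

// The same structure signed under a different key, which is all a client
// without the real key can produce: rejected before unserialize().
$resigned = encode_session(['user_id' => 1, 'role' => 'admin'], 'guessed-key');
var_dump(decode_session($resigned, SESSION_KEY)); // NULL

// A cookie whose serialized body was edited after signing: also rejected.
[$b64, $mac] = explode('.', $cookie, 2);
$edited = base64_encode(str_replace('editor', 'admin0', base64_decode($b64))) . '.' . $mac;
var_dump(decode_session($edited, SESSION_KEY));   // NULL
```

The two checks that matter for the rest of this analysis are the keyed MAC over the serialized bytes (so the key really must stay secret) and the `allowed_classes` restriction, which removes object instantiation from the cookie path even when the MAC verifies; a server-side store reached by an opaque session id avoids the problem altogether.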