Is there a way to modify the value of a session token with HttpOnly flag set in this scenario?
SCENARIO:
When a user browses to the login page, the web application sets SESSIONID=X; Httponly; before the authentication.
After the authentication NO new cookies are set. The only cookie used to identify the session is SESSIONID=X.
This should mean that the webapp is vulnerable to the session fixation attack.
I want to develop a complete attack so I need a way to programmatically modify the value of SESSIONID.
The server doesn't use security headers (X-XSS-Protection, etc.), so the login page can be inserted into an iframe and XSS is not blocked.
Is there a way to change the value of SESSIONID when the victim accesses the login page through the attacker's web server?
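
The condition described in the scenario (the pre-login SESSIONID staying valid after authentication) and the server-side fix of issuing a fresh identifier at login, as an added example that is not part of the original post. The `SessionStore` class, its methods and `prelogin_id_survives` are hypothetical names, and the store is an in-memory model constructed for illustration.

```python
import secrets


class SessionStore:
    """Hypothetical in-memory session store (constructed for illustration)."""

    def __init__(self, rotate_on_login):
        self.rotate_on_login = rotate_on_login
        self.sessions = {}  # session id -> authenticated user name, or None

    def visit_login_page(self, cookie=None):
        # Pre-authentication: reuse a known anonymous id or issue a fresh one.
        if cookie in self.sessions:
            return cookie
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = None
        return sid

    def login(self, cookie, user):
        # Returns the SESSIONID value the browser holds after authentication.
        if cookie not in self.sessions:
            raise KeyError("unknown session")
        if not self.rotate_on_login:
            # Behaviour from the scenario: no new cookie is set at login.
            self.sessions[cookie] = user
            return cookie
        # Hardened: invalidate the pre-login id and bind the user to a new one.
        del self.sessions[cookie]
        new_sid = secrets.token_urlsafe(32)
        self.sessions[new_sid] = user
        return new_sid

    def whoami(self, cookie):
        return self.sessions.get(cookie)


def prelogin_id_survives(store, user="alice"):
    """True when an id known before login is authenticated after login."""
    known_before = store.visit_login_page()
    store.login(known_before, user)
    return store.whoami(known_before) == user


if __name__ == "__main__":
    print("no rotation :", prelogin_id_survives(SessionStore(False)))
    print("rotation    :", prelogin_id_survives(SessionStore(True)))
```

The same before/after comparison of the cookie value across the login request works as a regression test against a real application.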