php - How can I set a specific PhpSession Cookie for a webpage?

View Original

one text

I'm building a vulnerable app to train interns and junior pentesters, and I'd like to set a default PhpSession cookie for a specific page so that when they trigger the vulnerability (which will execute the javascript alert(document.cookie) command) they'll see this cookie e.g {FLAG-1231231}. Right now I'm stuck with the default Phpsession that the function <php session_start(); ?> sets for us. Are there any ways I can do that?

I've tried setting a variable on the html page:

<?php
$_SESSION\["admin"\] = "admin";
echo "Session variables are set.";
?\>

and echoing the session variable on the php page:

 echo "Session is " . $\_SESSION\["admin"\] . ".<br>";

Source
© 2021
E-mail: contact@webdevask.com
Back to top