Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

세션 하이재킹

202 views

Published on

(20141027)
Information Security - Session Hijacking (정보보안 - 세션 하이재킹)

Published in: Software
  • Be the first to comment

  • Be the first to like this

세션 하이재킹

  1. 1. Session Hijacking Yu YongWoo / CUK CSIE '10 (uyu423@gmail.com)
  2. 2. Cookie? Session?
  3. 3. Session Hijacking PHP : PHPSESSID JSP : JSSESIONID 서버가 세션과 클라이언트의 유효성을 검사하지 않아 발생하는 문제
  4. 4. Scenario ServerAdmin Attacker Access Session ID Hijacking 웹 상에서 XSS를 사용해 게시판 관리자 계정 권한 획득

×