bug: cookie is not set if the host address is localhost:4320

digininja · May 11, 2024 · a07ed10 · a07ed10
1 parent 0773216
commit a07ed10
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/vulnerabilities/weak_id/source/high.php b/vulnerabilities/weak_id/source/high.php
@@ -8,7 +8,8 @@
 	}
 	$_SESSION['last_session_id_high']++;
 	$cookie_value = md5($_SESSION['last_session_id_high']);
-	setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $_SERVER['HTTP_HOST'], false, false);
+	$domain = ($_SERVER['SERVER_NAME'] != 'localhost') ? $_SERVER['HTTP_HOST'] : false;
+	setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $domain, false, false);
 }
 
 ?>
diff --git a/vulnerabilities/weak_id/source/impossible.php b/vulnerabilities/weak_id/source/impossible.php
@@ -4,6 +4,7 @@
 
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
 	$cookie_value = sha1(mt_rand() . time() . "Impossible");
-	setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $_SERVER['HTTP_HOST'], true, true);
+	$domain = ($_SERVER['SERVER_NAME'] != 'localhost') ? $_SERVER['HTTP_HOST'] : false;
+	setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $domain, true, true);
 }
 ?>