From aee770c33fbdc6c2f06b5646c54bc18a166e2132 Mon Sep 17 00:00:00 2001 From: Mikhail Fedosov Date: Sat, 11 May 2024 12:09:28 +0300 Subject: [PATCH] bug: cookie is not set if the host address is localhost:4320 --- vulnerabilities/weak_id/source/high.php | 2 +- vulnerabilities/weak_id/source/impossible.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/vulnerabilities/weak_id/source/high.php b/vulnerabilities/weak_id/source/high.php index 916ff9967..537fed3d4 100644 --- a/vulnerabilities/weak_id/source/high.php +++ b/vulnerabilities/weak_id/source/high.php @@ -8,7 +8,7 @@ } $_SESSION['last_session_id_high']++; $cookie_value = md5($_SESSION['last_session_id_high']); - setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $_SERVER['HTTP_HOST'], false, false); + setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $_SERVER['SERVER_NAME'], false, false); } ?> diff --git a/vulnerabilities/weak_id/source/impossible.php b/vulnerabilities/weak_id/source/impossible.php index 078ad19e1..52765512b 100644 --- a/vulnerabilities/weak_id/source/impossible.php +++ b/vulnerabilities/weak_id/source/impossible.php @@ -4,6 +4,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") { $cookie_value = sha1(mt_rand() . time() . "Impossible"); - setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $_SERVER['HTTP_HOST'], true, true); + setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $_SERVER['SERVER_NAME'], true, true); } ?>