bug: cookie is not set if the host address is localhost:4320

digininja · May 11, 2024 · aee770c · aee770c
1 parent 0773216
commit aee770c
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/vulnerabilities/weak_id/source/high.php b/vulnerabilities/weak_id/source/high.php
@@ -8,7 +8,7 @@
 	}
 	$_SESSION['last_session_id_high']++;
 	$cookie_value = md5($_SESSION['last_session_id_high']);
-	setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $_SERVER['HTTP_HOST'], false, false);
+	setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $_SERVER['SERVER_NAME'], false, false);
 }
 
 ?>
diff --git a/vulnerabilities/weak_id/source/impossible.php b/vulnerabilities/weak_id/source/impossible.php
@@ -4,6 +4,6 @@
 
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
 	$cookie_value = sha1(mt_rand() . time() . "Impossible");
-	setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $_SERVER['HTTP_HOST'], true, true);
+	setcookie("dvwaSession", $cookie_value, time()+3600, "/vulnerabilities/weak_id/", $_SERVER['SERVER_NAME'], true, true);
 }
 ?>