PHPGurukul Car Rental Project
cpe:2.3:a:phpgurukul_car_rental_project:phpgurukul_car_rental:*:*:*:*:*:*:*
- 3.0
A session hijacking vulnerability has been identified in the PHPGurukul Car Rental Project version 3.0. The issue arises from improper session invalidation in the password update component, which allows attackers to take over user sessions.
Exploitation of this vulnerability allows for session hijacking, where an attacker can gain unauthorized access to a user's account and perform actions on their behalf.
To reproduce this vulnerability, navigate to the password update component. Observe the session handling process, then inject a known session ID by setting a predictable or captured session token in the browser before logging in. Once the login is complete, the injected session ID can be used to access the account, potentially allowing actions such as changing the password.
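The session handling that closes this gap, as an added example and not code from the Car Rental Project: the session ID is reissued at login and at password change, and sessions that predate the last password change are rejected. The helper names and the `password_changed_at` account timestamp are hypothetical; the code assumes PHP 7.3+ and a site served over HTTPS.

```php
<?php
// Added example with hypothetical helper names; requires PHP 7.3+.

// Start a session that rejects IDs the server never issued (strict mode)
// and keeps the ID in a cookie that scripts cannot read.
function start_hardened_session(): void
{
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'secure' => true,
        'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_start();
}

// Call once the submitted credentials have been verified.
function on_login_success(int $userId): void
{
    // Issue a fresh ID and delete the old session data, so an ID that was
    // set in the browser before login no longer maps to anything.
    session_regenerate_id(true);
    $_SESSION = ['user_id' => $userId, 'auth_time' => time()];
}

// Call after the new password hash and $changedAt have been stored.
// Assumption: the account row has a password_changed_at timestamp.
function on_password_changed(int $changedAt): void
{
    session_regenerate_id(true);
    $_SESSION['auth_time'] = $changedAt;
}

// Run on every authenticated request. Sessions authenticated before the
// last password change are treated as revoked.
function session_is_current(array $session, int $passwordChangedAt): bool
{
    return isset($session['user_id'], $session['auth_time'])
        && $session['auth_time'] >= $passwordChangedAt;
}

// Clear a rejected session's server-side data and expire its cookie.
function end_session(): void
{
    $_SESSION = [];
    setcookie(session_name(), '', ['expires' => time() - 3600, 'path' => '/']);
    session_destroy();
}
```

When `session_is_current($_SESSION, $row['password_changed_at'])` returns false, call `end_session()` and send the user back to the login page.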