Posao.ba Session Hijacking

I must admit, if this site is Superbrand, we are all going to hell :-)



Ok, you are registered (unemployed perhaps) user of posao.ba (=job), searching through site you found awesome job ad!



Now you want to share it with your friends on Facebook! You click on well known button.



Your friends who think you're cool open up that link.



Now they are seeing "Welcome, Your Name!" and saying WT#, looks like I've gained access to his account, I'll change his password for fun :devil:

Next thing you know, you are being hacked, and it's really not your fault.
You can see "user" parameters with session id passing through GET variables, someone decided that using cookies is bad idea, but didn't know that sharing this link is even worse.

Posao.ba hire yourself good programmers, at least you know where to look at.

// Blog

• PHP unicode_decode (5.3)
• PHP Simple HTML DOM & cURL
• jQuery Matrix Effect
• Did You Mean API
• PHP Clickatell Class
• Cube to Sphere Panorama
• PHP jQuery Update
• PHP Transliteration Lat<->Cyr
• PHP Numeronym Generator
• jQuery Image Replace w/ Preload
• PHP Mobile Browser Detection
• PHP Output Image 2 Browser (base64)
• PHP Facebook Share
• jQuery Menu
• Dynamic Subdomains htaccess
• Random Sentence Spinning Function
• PHP Block Bots From China
• PHP Browser Detection Function
• PHP nl2br & pre
• PHP Simple CAPTCHA
• PHP YouTube Embed Function
• PHP MySQL Injection Escape Function
• PHP QR Code Function
• ViaMichelin PHP Class
• PHP Alexa Rank
• PHP W3C Validator
• PHP SEO URL Function
• PHP Domain Checker
• Posao.ba Session Hijacking
• PHP Domain Checker .BA
• PHP Simple Poll Script
• PHP UTF-8 Convert Case
• PHP DoS Script
• PHP MySQL Online Script
• SQL Injection Example
• Mobile HTML Template
• PHP Random String Generator
• PHP Geo IP Locator
• PHP jQuery Autocomplete
• PHP CU3ER XML Configuration
• PHP MySQL Count Function
• PHP Simple YouTube Gallery
• PHP Calculate Percentage
• PHP Remove VAT
• PHP Lotto Number Generator
• PHP Image Crop
• PHP Parameters ( GET, POST, COOKIE )
• PHP Search Engine Optimized URL
• PHP Google Keywords
• Random Sentence Spinning
• jQuery Dropdown Menu
• PHP W3C Validation
• htaccess www