Dartmouth Banner Possible Exploit

When you're requesting pages (such as transcripts, DASH, etc.) through Dartmouth Banner, you slowly accumulate cookies. But only one of them is actually used to verify who you are: the SESSID one. It's a base64 encoding of what appears to be 6 random alphanumerics, followed by your PIDM, the Banner-specific code that was the root of the previous exploit. It locks you out if you try to use an old SESSID, and forces you to log in again.

It might be interesting to see whether it can be determined how the random precursor is computed, or whether you can exploit the pseudo-constant nature to get access without login credentials. I'll come back to this if I have some free time.

Update: this (most likely) isn't possible. I found this PDF, which was a godsend for understanding how Banner's system works.

On page 125, it describes the "Web SessionID Table", which is the table that holds information about your SESSID, the login variable I identified earlier. It turns out that it's a base64 encoding of the webid, the randomly generated precursor (which appears to be generated by the second) and the pidm, which is the Banner-specific code. Weirdly, the webid appears to be a random alphanumeric A-Z, 0-9 (all uppercase). However, there are never any Z's (I downloaded over 500 of them to run some quick analysis), and there are double the number of 0's you would expect, leading me to believe that the webid for some reason generates a 6-digit base36 string, and then converts all the Z's into 0's.
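
An added example, not part of the original post: the kind of frequency check described above, written as a randomness audit over constructed tokens. It assumes the SESSID layout given in the post (base64 of a 6-character webid followed by the pidm); the sample pidm, the function names and the cycled sample set are constructed for illustration.

```python
import base64
import math
from collections import Counter

ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # A-Z, 0-9 as the post describes
WEBID_LEN = 6

def make_constructed_samples(rounds=14, pidm="12345678"):
    """Constructed SESSID values (not real): base64(webid + pidm), where the
    webid is 6 base36 digits with every Z rewritten to 0 (the post's hypothesis).
    The digits are cycled, not random, so each value occurs equally often."""
    samples = []
    for i in range(36 * rounds):
        webid = "".join(ALPHABET[(i + 7 * j) % 36] for j in range(WEBID_LEN))
        raw = (webid.replace("Z", "0") + pidm).encode("ascii")
        samples.append(base64.b64encode(raw).decode("ascii"))
    return samples

def webid_of(sessid):
    """Decode one cookie value and return its 6-character webid prefix."""
    return base64.b64decode(sessid).decode("ascii")[:WEBID_LEN]

def audit_webids(sessids):
    """Compare observed webid characters with a uniform 36-symbol alphabet."""
    counts = Counter(ch for s in sessids for ch in webid_of(s))
    total = sum(counts.values())
    expected = total / len(ALPHABET)
    chi2 = sum((counts[c] - expected) ** 2 / expected for c in ALPHABET)
    entropy = -sum(n / total * math.log2(n / total) for n in counts.values())
    return {
        "missing": [c for c in ALPHABET if counts[c] == 0],
        "ratio": {c: counts[c] / expected for c in ALPHABET},
        "chi2": chi2,  # 35 degrees of freedom; about 66.6 is the 0.1% critical value
        "bits_per_char": entropy,
        "ideal_bits_per_char": math.log2(len(ALPHABET)),
    }

if __name__ == "__main__":
    report = audit_webids(make_constructed_samples())
    print("never seen:", report["missing"])
    print("over-represented:", {c: r for c, r in report["ratio"].items() if r > 1.5})
    print("chi-square: %.1f" % report["chi2"])
    print("entropy: %.3f of %.3f bits per character"
          % (report["bits_per_char"], report["ideal_bits_per_char"]))
```

On a session-ID generator you operate, a missing symbol or a chi-square value far above the critical figure means the generator is not drawing uniformly from its alphabet.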