Home > Others

Cookie injection Principles and Methods

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

At present, many websites have added general anti-injection system code, and you cannot input injection statements. At first glance, it feels like this anti-injection system is good, however, anti-injection only prevents QueryString and Form, but ignores Cookies! Therefore, Cookies are injected.
First, let's look at how Cookies can be injected! If you have learned ASP, you should knowID = Request. QueryString (GET)OrID = Request. Form (POST)These two methods are used. But sometimes, to simplify the code, it is written as ID = Request ("ID"), which is simple, but the problem arises. Let's first look at how the WEB Service reads data, he first obtains the data in GET, does not retrieve the data in POST, and also retrieves the data in Cookies.
Let's take a look at the anti-injection system. It will detect the data in GET and POST. If there are special characters (here, of course, injection characters), it will prohibit data submission! But he does not detect Cookies! Cookie injection is generated. Then, how can we test whether there is any cookie injection problem? Please take a look at the following connection (for example, the connection is not true ).

http://www.xxx.com/1.asp?id=123

If we only lose

http://www.xxx.com/1.asp

Normal data cannot be seen because there is no parameter! We want to know if there are any Cookies (that is, whether there are any format problems)

Request("XXX")

Input with IE

http://www.xxx.com/1.asp

Load the webpage and the page is abnormal (no reason for parameter input). Then enter it in the IE input box.
 

javascript:alert(document.cookie="id="+escape("123"));

Press enter and you will see a dialog box that is displayed: After id = 123, you refresh a Web page.
 

Request("ID")

 

Collect data in this format ~~~~, In this format, you can try to inject Cookies into the input box.
 

javascript:alert(document.cookie="id="+escape("123 and 3=3"));

Refresh the page. If the page is displayed normally, try again. (If the page is not displayed normally, it may be filtered out)
 

javascript:alert(document.cookie="id="+escape("123 and 3=4"));

Refresh the page. If the page is not displayed properly, it indicates an injection ~~~ If the programmer is using
 

Request.QueryString

Or
 

Request.Form

When collecting data, there is no cookie injection problem, because the service program directly captures data from GET or POST, and the WEB server ignores whether Cookies have data, therefore, Cookies cannot be used for injection!
-------------------------------------------------------------------------
To make it easier for friends who do not understand
 

javascript:alert(document.cookie="id="+escape("123"));

I want to explain
 

document.cookie="id="+escape("123")

Is to save 123 to the cookie ID.
 

alert(xxx)

The dialog box is displayed.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
information security principles and practice computer security principles and practice static variables and methods get and post methods objects and methods static and instance methods dom properties and methods

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More