Cookie Injection: Principles and Methods

Source: Internet
Author: User

Many websites now include generic anti-injection code, so injection statements typed into a page are rejected. At first glance such an anti-injection system looks good. However, it only protects QueryString and Form and ignores Cookies! This is what makes cookie injection possible.
First, let's look at how Cookies can be injected. If you have learned ASP, you know that ID = Request.QueryString (GET) or ID = Request.Form (POST) are the two usual ways to read a parameter. Sometimes, to simplify the code, it is written as ID = Request("ID"). That is simpler, but it is where the problem arises. Look at how the web server reads the data in this case: it first looks for the value in GET; if it is not there, it looks in POST, and then it also looks in Cookies.
Now look at the anti-injection system. It inspects the data in GET and POST, and if it finds special characters (here, of course, injection characters) it blocks the submission. But it does not inspect Cookies! That is how cookie injection arises. So how can we test whether a page has a cookie injection problem? Take the following URL (this is only an example; the URL is not real).

http://www.xxx.com/1.asp?id=123

If we only enter

http://www.xxx.com/1.asp

the normal data is not shown, because no parameter was supplied. We want to know whether cookie injection is possible here (that is, whether the parameter is read in the following form):

Request("XXX")

In IE, enter

http://www.xxx.com/1.asp

Load the page. It is displayed abnormally (because no parameter was supplied). Then enter the following in the IE address bar:

javascript:alert(document.cookie="id="+escape("123"));

Press Enter and a dialog box appears showing id=123. Then refresh the page; if it now displays normally, the parameter is being read in the form

Request("ID")

 

Data collected in this form can be tested for cookie injection. Enter the following in the address bar:

javascript:alert(document.cookie="id="+escape("123 and 3=3"));

Refresh the page. If it is displayed normally, continue with the next test. (If it is not displayed normally, the input may have been filtered.)

javascript:alert(document.cookie="id="+escape("123 and 3=4"));

Refresh the page. If it is not displayed properly this time, the page is injectable. If the programmer uses

Request.QueryString

or

Request.Form

to collect the data, there is no cookie injection problem, because the program takes the value directly from GET or POST and never checks whether Cookies hold data. Cookies therefore cannot be used for injection.
-------------------------------------------------------------------------
For readers who do not understand

javascript:alert(document.cookie="id="+escape("123"));

here is an explanation:

document.cookie="id="+escape("123")

saves 123 to the cookie named id.

alert(xxx)

displays a dialog box.
