Let's take a look at how cookies can be injected! If you have learned ASP, you should know
Request.QueryString (GET)
or
Request.Form (POST)
That's right, these are what we use to read the value of a specified key that the user sends to the web server. Sometimes we write
ID = Request("ID")
This way of writing is simple, but here is the problem. Let's first look at how the web service reads the data. It first looks for the value in the GET data; if it is not there, it looks in the POST data, and then it uses the data in Cookies (this is not in the book; I learned it when talking with xiaogao, so it seems the book is incomplete).
Now look at the anti-injection system. It checks the data in GET and POST, and if it finds special characters (meaning, of course, the characters used for injection), it blocks the submission. But it does not check Cookies! So how can we test whether a page has a cookie injection problem? Take the following link as an example (the link is not real):
http://www.xxx.com/1.asp?id=123
If we enter only http://www.xxx.com/1.asp, we cannot see the normal data because there are no parameters. To find out whether there is a cookie problem (that is, whether the page has the Request("XXX") format problem), first open http://www.xxx.com/1.asp in IE.
The page loads and is displayed abnormally (because no parameter was supplied). Then enter the following in the IE address bar:
javascript:alert(document.cookie="id="+escape("123"));
Press Enter and a dialog box appears showing id=123. After that, refresh the page. If it is now displayed normally, the page collects its data in the
Request("ID")
format. With this format you can try cookie injection. Enter the following in the address bar:
javascript:alert(document.cookie="id="+escape("123 and 3=3"));
Refresh the page. If the page is displayed normally, go on to the next test. (If it is not displayed normally, the value may have been filtered out.)
javascript:alert(document.cookie="id="+escape("123 and 3=4"));
Refresh the page. If the page is now not displayed properly, there is an injection point. If the programmer uses
Request.QueryString
or
Request.Form
to collect the data, there is no cookie injection problem, because the program takes the data directly from GET or POST and does not care whether the Cookies contain data, so Cookies cannot be used for injection.
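The fix described above, as an added example that is not part of the original article: the weak Request("id") read is shown in comments, followed by a hardened page that reads only the query string, accepts digits only and binds the value as a parameter. The connection string CONN_STR and the "news" table with its "id" and "title" columns are assumptions.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit
' Added example (not the article's code). CONN_STR, the "news" table and its
' columns are assumptions made for illustration.
Const CONN_STR = "Provider=SQLOLEDB;Data Source=.;Initial Catalog=demo;Integrated Security=SSPI"
Const adInteger = 3, adParamInput = 1, adCmdText = 1

' Weak pattern described in the article:
'   id  = Request("id")   ' searched in GET, then POST, then Cookies
'   sql = "SELECT title FROM news WHERE id=" & id
' A filter that inspects only GET and POST never sees the cookie value.

' Return the id as a Long, or -1 when it is missing or not a plain integer.
Function ReadId()
    Dim raw, re
    ReadId = -1
    raw = Request.QueryString("id")   ' one named collection only, never Cookies
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"       ' digits only, short enough for CLng
    If re.Test(raw) Then ReadId = CLng(raw)
End Function

Dim id, cmd, rs
id = ReadId()
If id < 0 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Bind the value as a typed parameter instead of concatenating it into the SQL.
Set cmd = Server.CreateObject("ADODB.Command")
cmd.ActiveConnection = CONN_STR
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT title FROM news WHERE id = ?"
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , id)
Set rs = cmd.Execute()
If Not rs.EOF Then Response.Write Server.HTMLEncode(rs("title").Value)
rs.Close
%>
```

With this page, a cookie named id is never read, and a value such as "123 and 3=4" in the query string is rejected with a 400 before any SQL runs.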