How cookie injection is generated

author: ah d

Source: http://www.d99net.net

currently, many websites are equipped with an anti-injection system Code . Injection statements cannot be entered ~~
the anti-injection system is good, but the anti-injection system does not notice the cookies!
therefore, cookies are injected ~~

let's take a look at how cookies can be injected!
if you have learned ASP
You Should Know request. querystring (get) or request. form (post )!
yes, this is the value we use to read the specified key from the web server!
sometimes, to simplify the code,
id = request (" ID ")
This method is simple, but the problem arises ~~~
Let's first look at how the Web Service reads data. It first retrieves the data in get, if no post data is retrieved, the data in cookies will be retrieved. (dizzy, this is not the case in the book. It is only known when talking with xiaogao ~~ It seems that the book is incomplete ~~)

Let's take a look at the anti-injection system. It will detect the data in get and post. If there are special characters (here, of course, the characters are injected )!
Data submission is prohibited! But he does not detect cookies! The problem is coming ~~~
How can we test whether there is any cookie injection problem ~

Take a look at the following connection (for example, the connection is not true)

Http://www.xxx.com/1.asp? Id = 123

If we only loseHttp://www.xxx.com/1.asp

normal data cannot be seen because no parameter exists!
we want to know if there are any cookies (that is, whether there are request ("XXX") format problems ),
input with IE
http://www.xxx.com/1.asp
webpage loading, display abnormal (cause of no parameter input)
enter
javascript: Alert (document. Cookie = "id =" + escape ("123");
press enter, the following dialog box is displayed: id = 123
, refresh the page. If the page is displayed normally,
request ("ID ") collect data in this format ~~~~, In this format, you can try to inject cookies.

In the input box, enter
Javascript: Alert (document. Cookie = "id =" + escape ("123 and 3 = 3 "));
Refresh the page. If the page is displayed normally, try again. (If the page is not displayed normally, it may be filtered out)

Javascript: Alert (document. Cookie = "id =" + escape ("123 and 3 = 4 "));Refresh the page
If it is not displayed properly, it indicates an injection ~~~

IfProgramPersonnel used
Request. querystring
Or
Request. Form
If data is collected, Cookies cannot be used to bypass the anti-Injection System for injection, because the service program directly reads data from get or post, and whether the cookies contain data, the Web server is ignored, so it cannot be used! ~

--------------------------------------------------------------------------
To make it easier for friends who do not understand
Javascript: Alert (file. Cookie = "id =" + escape ("123 "));
I want to explain
Document. Cookie = "id =" + escape ("123 ")Is to save 123 to the cookie ID.
Alert (XXX)The dialog box is displayed.

Remarks
========================================================== ============================
Cookie injection is not a new technology, but it is a very useful method. Or one day, the anti-injection system will add cookies for injection detection!