ASP has two main ways of reading request parameters:
Request.QueryString (GET) or Request.Form (POST)
To simplify the code, we sometimes write id = Request("id") instead, and this way of writing it is where the problem lies.
With this shorthand, the web server reads the data like this:
It first takes the data from GET; if there is none, it looks in POST; and if there is none there either, it fetches the data from the cookies! That's what I found out.
The usual anti-injection system inspects the data in GET and POST and blocks the submission if it finds special characters, but data read through the shorthand above from a cookie will not be checked.
For example, here is how a parameter is submitted and read:
/1.asp?id=123
If you enter only /1.asp, you do not see the normal data, because there are no parameters!
To find out whether a page has the cookie problem (that is, whether it reads its parameters in the Request("XXX") form):
First load /1.asp in IE; the page displays abnormally (because there are no parameters). Then type the following into the IE address bar:
javascript:alert(document.cookie="id="+escape("123"));
Explanation:
document.cookie="id="+escape("123") saves 123 into the cookie named id.
alert(XXX) pops up a dialog box.
Press Enter and you will see a dialog box whose content is id=123. Then refresh the page. If it now displays normally, the page collects its data in the Request("id") form, and you can try cookie injection.
In the address bar, enter:
javascript:alert(document.cookie="id="+escape("123 and 3=3"));
Refresh the page. If it displays normally, you can try the next step (if it does not, the input may be filtered here as well):
javascript:alert(document.cookie="id="+escape("123 and 3=4"));
Refresh the page. If it is not displayed correctly this time, the page can be injected.
If the code collects its data with Request.QueryString or Request.Form, there is no cookie injection problem, because the server-side program reads the data directly from GET or POST and contains no code that fetches data from the cookie.
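
From the defender's side, one way to find pages that use the shorthand is to scan the ASP source for Request("...") reads that name no collection. The Python script below is an added example, not code from the original article; the function names and the sample ASP page are constructed for illustration.

```python
import re

# Matches the collection-less shorthand Request("name") / request ( "name" ).
# Request.QueryString("name") and Request.Form("name") do not match, because
# a dot rather than a parenthesis follows "Request" there.
SHORTHAND = re.compile(r'\bRequest\s*\(\s*"([^"]+)"\s*\)', re.IGNORECASE)


def strip_vbscript_comment(line):
    """Drop a trailing ' comment, ignoring apostrophes inside string literals."""
    in_string = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_string = not in_string
        elif ch == "'" and not in_string:
            return line[:i]
    return line


def find_shorthand_reads(asp_source):
    """Return (line_number, parameter_name) for every Request("x") read."""
    findings = []
    for lineno, line in enumerate(asp_source.splitlines(), start=1):
        code = strip_vbscript_comment(line)
        for match in SHORTHAND.finditer(code):
            findings.append((lineno, match.group(1)))
    return findings


# Constructed sample page (not taken from any real application).
SAMPLE_ASP = '''<%
id = Request("id")                 ' shorthand: also reads the id cookie
cat = Request.QueryString("cat")   ' explicit: GET only
name = Request.Form("name")        ' explicit: POST only
' old code: x = Request("unused")
page = request ( "page" )
sql = "select * from news where id=" & id
%>'''

if __name__ == "__main__":
    for lineno, param in find_shorthand_reads(SAMPLE_ASP):
        print(f'line {lineno}: Request("{param}") can be supplied by a cookie; '
              'name the collection or filter Request.Cookies as well')
```

Each finding is a read that a GET/POST-only filter does not cover: either change it to Request.QueryString or Request.Form, or make the filter inspect the cookies too.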