The principle and precaution of cookie spoofing/injection in ASP

Source: Internet
Author: User

There are two main types of ASP acquisition parameters:
Request.QueryString (Get) or Request.Form (POST)
We sometimes write Id=request ("ID") to simplify the code, because there is a problem with the writing ...


The original Web service reads data like this:
Take the data in get, no more data in the post, and fetch the data from cookies! That's what I found out.
The usual anti-injection system, he detects the data in Get and post, if there are special characters to prohibit the submission of data, and the above shorthand, will not be check


To.


For example, the principle of parameter submission and acquisition:


/1.asp?id=123


If you only lose:/1.asp can not see the normal data, because there are no parameters!
Want to know if there is a cookie problem (i.e. there is no request ("XXX") format problem)


First Use IE Input:/1.asp load Web page, show abnormal (no parameters for the reason), and then enter the IE input box
Javascript:alert (document.cookie= "id=" +escape ("123"));
Description
Document.cookie= "id=" +escape ("123") is to save 123 to the ID of the cookie.
Alert (XXX) is the Bomb dialog box.


Press ENTER, you will see a pop-up dialog box content is: id=123, and then refresh the Web page, if the normal display, indicating that the request ("id") such


Format to collect the data, you can try the cookies injected.


In the Address bar, enter: Javascript:alert (document.cookie= "id=" +escape ("123 and 3=3"));
Refresh the page, if the display is normal, you can try the next step (if not normal, it may also have filtered)


Javascript:alert (document.cookie= "id=" +escape) ("123 and 3=4"); Refresh the page if it is not displayed correctly, this means that you can inject


Out.


If the code collects data with Request.QueryString or Request.Form, there is no question of cookies being injected because the service program is straightforward from


If the data is read from the Get or post, the cookie has no data code to fetch.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.