I. Target lockingOn MSN, a friend icerover sent a message asking me some questions about cookie injection. At that time, I read the code of the ant cinema system and found its chageusr. asp. the cookie injection vulnerability exists. Here we will briefly analyze its code:
================================ Code =========
After successful login with admin admin, the cookie information is saved and displayed.If you do not click the Delete Your cookie! button, then accesshttp://localhost/sqli-labs-master/Less-20/There is no need to log in again, the username is obtained via cookies and is not verified.Modified by Browser plugin EditthiscookieAdd single quotation marks and refresh the pageI found the error message from MySQL.$s
Cookie transit injection in a general website construction system
Google Keyword: technical support: le Yi Technology (a bit more)The website construction system of a company named Happy arts technology is filtered, but the general anti-injection is used, and cookie transfer injec
Visit the home page to view the submitted message and find that the link parameters are submitted with the cookie. We have detected the cookie injection vulnerability in the fuzz parameter. This problem is serious and we hope to pay attention to it.Detailed description:GET/zhoubian/leyuan/HTTP/1.1Host: sy.tuniu.comUser-Agent: Mozilla/5.0 (X11; Linux i686; rv: 16.
Hello everyone, I am a beginner. In the previous lecture, we learned about "Search injection, today, let's take a look at another uncommon injection method, "cookie injection". Before we talk about it, let's review the Request object knowledge in ASP scripts, in the previous sections, we have mentioned that the common
Www.2cto.com: cookie injection is the Foundation. This question is not specifically addressed in the website.Today, I encountered a website that can be injected with cookies during the website bypass. In addition, my personal website does not seem to have mentioned cookie injection in my previous articles, so today, we
There are two main types of ASP acquisition parameters:
Request.QueryString (Get) or Request.Form (POST)
We sometimes write Id=request ("ID") to simplify the code, because there is a problem with the writing ...
The original Web service reads data like this:
Take the data in get, no more data in the post, and fetch the data from the cookies! That's what I found out.
The usual anti-injection system, he detects the data in Get and post, if there ar
, the characters are injected )!Data submission is prohibited! But he does not detect cookies! The problem is coming ~~~How can we test whether there is any cookie injection problem ~
Take a look at the following connection (for example, the connection is not true)
Http://www.xxx.com/1.asp? Id = 123
If we only loseHttp://www.xxx.com/1.asp
normal data cannot be seen because no parameter exists! w
Tags: can't blog change get post emptying address filter nextTransfer from http://blog.sina.com.cn/s/blog_6b347b2a0101379o.html The principle of cookie injection is the same as normal injection, except that we submit the parameters of the cookie has been submitted, and the general
At present, many websites have added general anti-injection system code, and you cannot input injection statements. At first glance, it feels like this anti-injection system is good, however, anti-injection only prevents QueryString and Form, but ignores Cookies! Therefore, Cookies are injected.First, let's look at how
Let's take a look at how Cookies can be injected! If you have learned ASP, you should knowCopy codeThe Code is as follows:Request. QueryString (GET)OrCopy codeThe Code is as follows:Request. Form (POST)Well, that's right. This is the value that we use to read the specified key that the user sends to the WEB server! Sometimes we writeCopy codeThe Code is as follows:ID = Request ("ID ")This method is simple, but the problem is coming ~~~ Let's first look at how the WEB Service reads data. It first
Let's take a look at how cookies can be injected! If you have learned ASP, you should know
CopyCode The Code is as follows: request. querystring (get)
OrCopy codeThe Code is as follows: request. Form (post)
Well, that's right. This is the value that we use to read the specified key that the user sends to the Web server! Sometimes we writeCopy codeThe Code is as follows: Id = request ("ID ")
This method is simple, but the problem is coming ~~~ Let's first look at how the Web Service reads d
By Mr. DzY from www.0855. TVIt seems that someone has discovered the background cookie spoofing vulnerability, but it seems that the official website has been fixed.Nothing left to worry about. After reading it, we found that no cookie submitted data is filtered and cookie injection is supported.
SemCms is an open sou
1. First access the current injection point file name2. modifying CookiesJavascript:alert (document.cookie= "id=" +escape ("1137"));Modify the cookie content of the current site to id=260 and the pop-up window displays the current cookie contentInjection Point :http://127.0.0.1:800/asp/Production/PRODUCT_DETAIL.asp?id=1137injection Point file name :Http://127.0.0
Cookie injection procedure1) Search for an image like "*. asp? Id = x "class with parameter rul2) Remove "id = x" to check whether the page is normal. If it is abnormal, it indicates that the difference works directly during data transmission.3) Clear the browser address and enter "javascript: alert (document. cookie =" id = "+ escape (" x "));"Press Enter to ret
Many websites now adopt general anti-InjectionProgramIs my website helpless? The answer is no, because we can use the cookie injection method, and many general anti-injection programs are not prepared for this injection method.
Before talking about it, let's review the knowledge of the request object in ASP scripts. i
Beijing University Student Information bar whole site program V1.0 cookie Injection
Cast blogIn the gonggao. asp file, rows 9-31:Dim id, rs, SQLId = trim (request ("id") // noteIf id = "" thenCall list ()Response. endEnd ifSet rs = server. createobject ("adodb. recordset ")SQL = "select * from [gonggao] where id =" cstr (id) // noteIf rs. eof and rs. bof thenResponse. write "no news"Response. endEnd ifFunc
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.