[WEB SECURITY] SQL injection in cookies variable

albinowax at eml.cc albinowax at eml.cc
Sun Aug 28 16:08:37 EDT 2011


I have an example page vulnerable to cookie-based SQLi at
http://hackxor.sourceforge.net/cgi-bin/portal.pl (and a similar page
with a slightly different exploit using JSP in the download)

Predictable self-promotion aside, cookie-based SQLi is very similar to
get/post based SQLi, except that certain characters can't be used. For
example, ';' and ',' are typically treated as delimiters, so they end
the injection if they aren't URL-encoded. A lot of these rules are
server specific though; Tomcat6/JSP treats whitespace as a delimiter
(which is easy to work around in mysql by using /**/ or %0A instead).

albino

On Sun, 28 Aug 2011 15:47 +0200, "OxFFFF 1336"
<0x1336.9 at gmail.com> wrote:

Hey there,

I'm doing some research concerning SQL injection in cookie
variables and I want to know if there are previous papers or
materials related to this.

I'll be glad if you can help me with this :)

Many thanx in advance,

Cheers
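
The point made in the reply above, that server-side cookie delimiters are not a defense because /**/ or %0A can stand in for whitespace, shown from the defender's side as an added example (not code from this thread or from hackxor). The table, function names and cookie values are constructed for illustration, and SQLite stands in for the database.

```python
import sqlite3
from urllib.parse import unquote

def parse_cookie_header(header):
    """Split a Cookie header on ';' and URL-decode each value, as many frameworks do."""
    cookies = {}
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep:
            cookies[name] = unquote(value)
    return cookies

def make_db():
    # Hypothetical session table with one constructed row.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (token TEXT PRIMARY KEY, username TEXT)")
    db.execute("INSERT INTO sessions VALUES ('9f2c1a', 'alice')")
    return db

def lookup_concatenated(db, token):
    # Vulnerable pattern: the cookie value becomes part of the SQL text.
    sql = "SELECT username FROM sessions WHERE token = '" + token + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

def lookup_parameterized(db, token):
    # Hardened pattern: the cookie value is bound as data and never parsed as SQL.
    row = db.execute(
        "SELECT username FROM sessions WHERE token = ?", (token,)
    ).fetchone()
    return row[0] if row else None

# Constructed headers: neither value contains a raw ';', ',' or space, so both
# survive delimiter-based cookie splitting intact.
COMMENT_HEADER = "theme=dark; session=x'/**/OR/**/'1'='1"
ENCODED_HEADER = "theme=dark; session=x'%0AOR%0A'1'='1"

if __name__ == "__main__":
    db = make_db()
    for header in (COMMENT_HEADER, ENCODED_HEADER):
        token = parse_cookie_header(header)["session"]
        print(repr(token),
              "concatenated ->", lookup_concatenated(db, token),
              "| parameterized ->", lookup_parameterized(db, token))
```
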




