[WEB SECURITY] SQL injection in cookies variable

OxFFFF 1336 0x1336.9 at gmail.com
Sun Aug 28 18:42:18 EDT 2011


Thank you guys for the help!

@albino: Concerning the ";" and " ", I didn't know about this :) But it's very
logical.
@Anurag: Sure, the SQLi can just be in cookie variables when not sanitized.
@Sandro: The video is awesome. Thank you for the links.

Cheers

2011/8/28 <albinowax at gmail.com>

> I have an example page vulnerable to cookie-based SQLi at
> http://hackxor.sourceforge.net/cgi-bin/portal.pl (and a similar page
> with a slightly different exploit using JSP in the download)
>
> Predictable self-promotion aside, cookie-based SQLi is very similar to
> get/post based SQLi, except that certain characters can't be used. For
> example, ';' and ',' are typically treated as delimiters, so they end
> the injection if they aren't URL-encoded. A lot of these rules are
> server specific though; Tomcat6/JSP treats whitespace as a delimiter
> (which is easy to work around in MySQL by using /**/ or %0A instead).
>
> albino
>
> On Sun, 28 Aug 2011 15:47 +0200, "OxFFFF 1336"
> <0x1336.9 at gmail.com> wrote:
>
> Hey there,
>
> I'm doing some research concerning SQL injection in cookie
> variables and I want to know if there are previous papers or
> materials related to this.
>
> I'll be glad if you can help me with this :)
>
> Many thanks in advance,
>
> Cheers
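Added example, not part of the original thread: a session lookup keyed on a cookie value, written once with string concatenation and once with a bound parameter, to show why the cookie has to be handled like any other request input. The table, cookie names and sample headers are constructed, and the parser assumes the server URL-decodes cookie values, which is server specific.

```python
import re
import sqlite3
from urllib.parse import unquote

# Constructed sample Cookie headers (not taken from any real application).
GOOD_HEADER = "theme=dark; session=a1b2c3"
BAD_HEADER = "theme=dark; session=x'%20OR%20'1'='1"


def parse_cookie_header(header):
    """Split on ';' (the cookie delimiter) and URL-decode each value."""
    cookies = {}
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep:
            cookies[name] = unquote(value)
    return cookies


def make_db():
    """In-memory table with one constructed session row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (token TEXT, username TEXT)")
    db.execute("INSERT INTO sessions VALUES ('a1b2c3', 'alice')")
    return db


def lookup_vulnerable(db, token):
    # Cookie value concatenated into the statement: the value becomes SQL.
    sql = "SELECT username FROM sessions WHERE token = '" + token + "'"
    return db.execute(sql).fetchall()


def lookup_bound(db, token):
    # Value bound as a parameter: it is only ever compared as data.
    sql = "SELECT username FROM sessions WHERE token = ?"
    return db.execute(sql, (token,)).fetchall()


def valid_token(token):
    """Defence in depth: accept only the shape a real token can have."""
    return re.fullmatch(r"[A-Za-z0-9]{1,64}", token) is not None


if __name__ == "__main__":
    db = make_db()
    for header in (GOOD_HEADER, BAD_HEADER):
        token = parse_cookie_header(header)["session"]
        print(repr(token), valid_token(token),
              lookup_vulnerable(db, token), lookup_bound(db, token))
```

The delimiter handling in the cookie parser is not a control: the decoded value reaches the query intact, so the bound parameter is what keeps it from being interpreted as SQL.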