Thank you guys for the help!
@albino: Concerning the ";" and " " didn't know about this :) But it's very
logical.
@Anurag: Sure, the SQLi can just be in cookies variables when not sanitized.
@Sandro: The video is awsome. Thank you for the links.
Cheers
2011/8/28 albinowax@gmail.com
I have an example page vulnerable to cookie-based SQLi at
http://hackxor.sourceforge.net/cgi-bin/portal.pl (and a similar page
with a slightly different exploit using JSP in the download)
Predictable self-promotion aside, cookie-based SQLi is very similar to
get/post based SQLi, except that certain characters can't be used. For
example, ';' and ',' are typically treated as delimiters, so they end
the injection if they aren't URL-encoded. A lot of these rules are
server specific though; Tomcat6/JSP treats whitespace as a delimeter
(which is easy to work around in mysql by using /**/ or %0A instead).
albino
On Sun, 28 Aug 2011 15:47 +0200, "OxFFFF 1336"
0x1336.9@gmail.com wrote:
Hey there,
I'm doing some researchs concerning SQL injection in cookies
variable and I want to now if there are previous papers or
materials related to this.
I'll be glad if you can help me with this :)
Many thanx in advance,
Cheers
Thank you guys for the help!
@albino: Concerning the ";" and " " didn't know about this :) But it's very
logical.
@Anurag: Sure, the SQLi can just be in cookies variables when not sanitized.
@Sandro: The video is awsome. Thank you for the links.
Cheers
2011/8/28 <albinowax@gmail.com>
> I have an example page vulnerable to cookie-based SQLi at
> http://hackxor.sourceforge.net/cgi-bin/portal.pl (and a similar page
> with a slightly different exploit using JSP in the download)
>
> Predictable self-promotion aside, cookie-based SQLi is very similar to
> get/post based SQLi, except that certain characters can't be used. For
> example, ';' and ',' are typically treated as delimiters, so they end
> the injection if they aren't URL-encoded. A lot of these rules are
> server specific though; Tomcat6/JSP treats whitespace as a delimeter
> (which is easy to work around in mysql by using /**/ or %0A instead).
>
> albino
>
> On Sun, 28 Aug 2011 15:47 +0200, "OxFFFF 1336"
> <0x1336.9@gmail.com> wrote:
>
> Hey there,
>
>
>
> I'm doing some researchs concerning SQL injection in cookies
> variable and I want to now if there are previous papers or
> materials related to this.
>
>
>
> I'll be glad if you can help me with this :)
>
>
>
> Many thanx in advance,
>
>
>
> Cheers
>
>
>