Hey there,
I'm doing some researchs concerning SQL injection in cookies variable and
I want to now if there are previous papers or materials related to this.
I'll be glad if you can help me with this :)
Many thanx in advance,
Cheers
Hello 65535,
The following advisory regarding OpenX and the associated demo video
described SQL injection using the cookie:
http://resources.enablesecurity.com/advisories/openx-2.6.4-multiple.txt
Any user input (in this case, any part of the HTTP request) can be
used for SQL injection if it is in some way passed to an SQL
statement. As usual, google is indeed your friend - there are various
documented cases of SQL injection through cookies :)
Sandro Gauci
Chief Consultant and Founder of EnableSecurity
Email: sandro@enablesecurity.com
Web: http://enablesecurity.com/
PGP: 514D B10C 8C3C 15BB 2EFD 49EC 7CCD 73C5 0295 F23B
On Sun, Aug 28, 2011 at 2:47 PM, OxFFFF 1336 0x1336.9@gmail.com wrote:
Hey there,
I'm doing some researchs concerning SQL injection in cookies variable and I
want to now if there are previous papers or materials related to this.
I'll be glad if you can help me with this :)
Many thanx in advance,
Cheers
The Web Security Mailing List
WebSecurity RSS Feed
http://www.webappsec.org/rss/websecurity.rss
Join WASC on LinkedIn http://www.linkedin.com/e/gis/83336/4B20E4374DBA
WASC on Twitter
http://twitter.com/wascupdates
websecurity@lists.webappsec.org
http://lists.webappsec.org/mailman/listinfo/websecurity_lists.webappsec.org
SQL injection does not happen in cookies. It happens in database. The
injection could be done via forms, url, cookies, web services, etc but the
data has to go to a database. So any material on sql injection is relevant
here as well.
So you may want to get more context on what is it that you are trying to do
via cookies.
Thanks,
Anurag Agarwal
MyAppSecurity LLC
Cell - 919-244-0803
Email - anurag@myappsecurity.com
Website - http://www.myappsecurity.com
Blog - http://myappsecurity.blogspot.com
LinkedIn - http://www.linkedin.com/in/myappsecurity
Twitter: https://twitter.com/#!/myappsecurity
From: websecurity-bounces@lists.webappsec.org
[mailto:websecurity-bounces@lists.webappsec.org] On Behalf Of OxFFFF 1336
Sent: Sunday, August 28, 2011 9:47 AM
To: websecurity@lists.webappsec.org; websecurity@webappsec.org;
webappsec@securityfocus.com
Subject: [WEB SECURITY] SQL injection in cookies variable
Hey there,
I'm doing some researchs concerning SQL injection in cookies variable and I
want to now if there are previous papers or materials related to this.
I'll be glad if you can help me with this :)
Many thanx in advance,
Cheers
I have an example page vulnerable to cookie-based SQLi at
http://hackxor.sourceforge.net/cgi-bin/portal.pl (and a similar page
with a slightly different exploit using JSP in the download)
Predictable self-promotion aside, cookie-based SQLi is very similar to
get/post based SQLi, except that certain characters can't be used. For
example, ';' and ',' are typically treated as delimiters, so they end
the injection if they aren't URL-encoded. A lot of these rules are
server specific though; Tomcat6/JSP treats whitespace as a delimeter
(which is easy to work around in mysql by using /**/ or %0A instead).
albino
On Sun, 28 Aug 2011 15:47 +0200, "OxFFFF 1336"
0x1336.9@gmail.com wrote:
Hey there,
I'm doing some researchs concerning SQL injection in cookies
variable and I want to now if there are previous papers or
materials related to this.
I'll be glad if you can help me with this :)
Many thanx in advance,
Cheers