Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Cookie Poisoning


Cookie Poisoning

By ghostghost | 13163 Reads |
0     0

One of the major mistakes which web masters make is considering that all data they set stay the same. These things are usually harmless to them such as cookies and hidden form details.

To start with I am going to show how the web master sets his data for his vulnerable CMS.

He begins with a form :-

[username] Username [********] Password [Button] Submit button

Once the form is submitted, the backend PHP which recieves the $_POST is as follows.

Right, so now we have checked the database for for a the username and password and set the cookie. Presuming our attacker’s username and password are correct then the cookie will be something of the folowing

UID = “tom:password123”.

Later on our attack visits a protected page and his cookie is checked with this code.

Now, if the cookie stays the same the SQL query is safe. However, if you change the cookie you can use it as simply as a basic SQL injection.

Right, now we have see how basic cookie poisoning works with SQL Injection. This can also be utilised in all other major web vulnerabilities.

Comments
ghost's avatar
ghost 18 years ago

what? no chocolate chips?:wow:

ghost's avatar
ghost 18 years ago

Nice article. This proves yet again how important it is to consider all data not filtered as tainted.

ghost's avatar
ghost 18 years ago

bacause of this i learn something, therefore it forfils its pupose :D

good article mozzer

ghost's avatar
ghost 18 years ago

Cheers, every webmaster should take something from this

ghost's avatar
ghost 18 years ago

Yes, good article, you always gotta be sure you are filtering every possible string.

ghost's avatar
ghost 18 years ago

Man this is good stuff. ;) for some reason i wasnt even thinkin about it like that :whoa: I know that is a security vulnerability i wouldve let slide by :@ but now.. now i feel like i can do so much more :evil: oh yeaah thas right
good stuff man, real good stuff

ranma's avatar
ranma 18 years ago

That is sweet! I wonder how many sites have that vulnerability?:D

ghost's avatar
ghost 17 years ago

Too many.:ninja:

ghost's avatar
ghost 16 years ago

Good article, you should make more.

sam207's avatar
sam207 16 years ago

It's so sweet nice & well written.. Thanks mozzer.

ghost's avatar
ghost 15 years ago

ok so…. im doin basic challenge 20, and i cant quite figure this out. after looking at this article (well written btw) i thought i knew how to do it. but whatever i tried, i couldnt figure anything out. can i pm someone?

ghost's avatar
ghost 15 years ago

ok so…. im doin basic challenge 20, and i cant quite figure this out. after looking at this article (well written btw) i thought i knew how to do it. but whatever i tried, i couldnt figure anything out. can i pm someone?

stealth-'s avatar
stealth- 15 years ago

Amazing article for basic 20, well written and doesn't give too much away. We need more articles like this!

ghost's avatar
ghost 14 years ago

awsome article, really explains things without making it like hello skiddie take this and paste there. :love::love: very well written ty