Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Cookie poisoning as in Basic20 (Basic20-spoiler)

  1. Home
  2. Forum
  3. Web hacking
  4. Cookie poisoning as in Basic20 (Basic20-spoiler)

ghost's Avatar

ghost

0 0

Hey, I have just recently finished Basic 20, with a bit of help from -cL's article on some basic webhacks.

Basic 20 is using a MySQL-login which uses cookies; you poison the cookie with some MySQL-code and you get in.

So, I finished the challenge, but I don't see where it fits in the code.. I have no idea how the cookies are used in the login-system, making it possible to inject MySQL through them.

Could someone give me a piece of example code for a login like the one applied in Basic 20?

I would really appreciate it, because it will enable me to see what I did there.

Thanks anyway -cL for letting me finish the challenge!


spyware's Avatar

spyware

Banned
0 0

You should code some PHP. Here, an example:

markupSELECT $cookievalue FROM example_table

If you brush up your PHP skills you will get it.


ghost's Avatar

ghost

0 0

That's the part I did understand ;) But but but..

Is it like this?

  • Login using MySQL;
  • Set 'whoami' in cookie;
  • Check the value on 'whoami' and display data based on this intel (You are logged in as) >> Injection SELECT * FROM … WHERE user='$cookievalue'OR'1'='1'

Something like that?