Shulou(Shulou.com)06/01 Report--

There are three ways to submit data on a Web page: get, post, and cookie. Traditional injection commands such as "and 1=1" are added after the injection point, which belong to the get submission mode. Many websites filter only for the get mode, so this provides an opportunity for Cookie injection.

In the previous blog post, we have introduced cookie injection through injection transfer. In order to deepen our understanding of cookie injection, we use BurpSuite to capture packets and pangolin to inject cookies. The experimental environment built before is still used. The target website adopts the Southern Data 5.0 template. The target server IP address is 192.168.80.129, and the *** host IP address is 192.168.80.128.

Burp Suite is a powerful Web*** integrated platform, its use is also more complex, here mainly used in its capture function. Software download address: http://down.51cto.com/data/1889494, Burp Suite to run on Java environment, so you also need to install Java in the *** host.

Open the target website and set this machine as a proxy server in your browser, port number 8080. All data sent to the web via the browser will be intercepted by Burp Suite.

Open a web page, when the data is intercepted by BurpSuite, you can see from the intercepted data,"? id=25"This type of information is submitted as a get.

Click forward to forward the data and open the web page normally. Add an injection statement such as "and 1=1" to the address bar, press Enter, and the data is intercepted again by BurpSuite.

From the intercepted data, we can see that the data submitted by get becomes the injection statement we just entered.

Now that we understand how data submission works, let's use the tool "pangolin" to inject cookies.

Run Pangolin, copy the URL of the injection point to the URL bar, and then click the check button on the toolbar. Pangolin can automatically determine that the injection type is cookie injection (if it cannot be detected, you can try several URLs).

Then click "Get Data"->"Get Table" to pop up the tables contained in the database, among which the "admin" table is obviously of concern to us.

Check the "admin" table, click Get Column, and the fields contained in the table will pop up.

Select the password and username fields, click Get Data in the right window, and the username and password will pop out successfully.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.