Shulou(Shulou.com)06/02 Report--

This article introduces the relevant knowledge of "what is the principle of Web network security analysis cookie injection attack". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Cookie injection attack

The test address for the cookie injection attack is http://127.0.0.1/sqli/cookie.php.

It is found that there is no GET parameter in URL, but the page returns normally. Using Burp Suite to grab the packet, it is found that there is a parameter of id=1 in cookie, as shown in figure 56.

Figure 56 cookie data

Change the id=1 in cookie to id=1', and then visit the URL again and find that the page returns an error. Next, modify id=1 and 1 and id=1 and 1 in cookie respectively, visit again to determine whether the page has SQL vulnerabilities, return the results as shown in figure 57 and figure 58, and draw the conclusion that there is SQL injection in the parameter ID in cookie.

Figure 57 results of accessing id=1 and 1 # 1

Figure 58 results of accessing id=1 and 1 / 2

Then use the order by query field and use the Union injection method to complete this injection.

Cookie injection Code Analysis

Through $_ COOKIE, you can get the data in the browser cookie, and in the cookie injection page, the program gets the parameter ID through $_ COOKIE, and then splices the ID directly into the select statement to query. If there is no result, the result is output to the page, as shown below.

As you can see here, there is a SQL injection vulnerability because the parameter ID in coookie is not filtered and directly spliced into the SQL statement. The SQL statement that executes when you add id=1 union select 1, 2, and 3 + to cookie is:

Select * from users where `id` = 1 union select 1pm 2meme 3Murray +

At this point, the SQL statement can be divided into two items: select * from users where `id` = 1 and union select 1 from users where 2p3. The second statement (Union query) can be used to obtain the data in the database.

This is the end of the content of "Web Network Security parsing the principle of cookie injection attack". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.