HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 43 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Web Applicationsarrow SQL Injection in a Cookie
EH-Net
May 21, 2013, 02:43:43 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: SQL Injection in a Cookie  (Read 5629 times)
0 Members and 1 Guest are viewing this topic.
Dengar13
Sr. Member
****
Offline Offline

Posts: 380



View Profile
« on: March 21, 2010, 02:38:05 PM »
What are some tools that can be used to exploit a SQL injection found in a cookie?  I have used Paros and Core Impact to find them, but I am looking for something to exploit it and prove my findings.  

Thanks in advance!
« Last Edit: March 21, 2010, 02:49:53 PM by Dengar13 » Logged
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
Ketchup
Hero Member
*****
Offline Offline

Posts: 1021



View Profile
« Reply #1 on: March 21, 2010, 07:35:54 PM »
I am not sure of which tools would do this automatically.  I am curious as well. 

However, you should be able to do this manually.   Suppose you have a cookie with a set of values, like
Code:
val1=user;val2=pass;
  The application in theory would check the these fields.   If you enter an injection vector through JS-injection or just tampering with request, you should be able to reach the database.   The application would have to read the cookie though.

Code:
javascript:void(document.cookie='val1=\' or 1 = 1--')
Logged
~~~~~~~~~~~~~~
Ketchup
n1p
Jr. Member
**
Offline Offline

Posts: 89


View Profile WWW
« Reply #2 on: March 23, 2010, 03:02:31 PM »
Once the cookie data is getting used in the backend DB, it may be exploitable. You should look at something like SQLmap. It will allow you to form custom injections (required here for the cookie).

Quote
In addition to the common input sources, the tool can also test cookies.

Although, confirm the vulnerability first with Ketchups manual injections.

Hope it helps
n1p
Logged
Dengar13
Sr. Member
****
Offline Offline

Posts: 380



View Profile
« Reply #3 on: March 25, 2010, 08:56:25 AM »
Thanks you two, this does help.
Logged
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.048 seconds with 22 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.