.

SQL Injection in a Cookie

<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Sun Mar 21, 2010 2:38 pm

SQL Injection in a Cookie

What are some tools that can be used to exploit a SQL injection found in a cookie?  I have used Paros and Core Impact to find them, but I am looking for something to exploit it and prove my findings.  

Thanks in advance!
Last edited by Dengar13 on Sun Mar 21, 2010 2:49 pm, edited 1 time in total.
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sun Mar 21, 2010 7:35 pm

Re: SQL Injection in a Cookie

I am not sure of which tools would do this automatically.  I am curious as well. 

However, you should be able to do this manually.  Suppose you have a cookie with a set of values, like
  Code:
val1=user;val2=pass;
  The application in theory would check the these fields.  If you enter an injection vector through JS-injection or just tampering with request, you should be able to reach the database.  The application would have to read the cookie though.

  Code:
javascript:void(document.cookie='val1=\' or 1 = 1--')
~~~~~~~~~~~~~~
Ketchup
<<

n1p

Jr. Member
Jr. Member

Posts: 89

Joined: Tue Mar 16, 2010 5:31 pm

Post Tue Mar 23, 2010 3:02 pm

Re: SQL Injection in a Cookie

Once the cookie data is getting used in the backend DB, it may be exploitable. You should look at something like SQLmap. It will allow you to form custom injections (required here for the cookie).

In addition to the common input sources, the tool can also test cookies.


Although, confirm the vulnerability first with Ketchups manual injections.

Hope it helps
n1p
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Thu Mar 25, 2010 8:56 am

Re: SQL Injection in a Cookie

Thanks you two, this does help.
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software