cookie sql injection

  • For support and Advertisement ICQ: 481465 Jabber: verifiedcarder@xmpp.jp

annhtow57

Staff member
Forum Staff
Feb 23, 2018
401
96
28
24
Bangladesh
#1
Hello In this tut will teach you how how to sql inject via cookie [also known as 'session based' or 'cookie parameter'].


until now,we know about two methods:
GET - via url
http://site.com/*.php?id=1union select ....
for example
404 Not Found
POST - via box
like this one
Not Found (in the search box).


and now,we gonna learn cookie.
lets strat:
first,you need google chrome.
https://www.google.com/chrome/index.html


after you have downloaded,download the addon "Cookie Editor" from Philip.
https://chrome.google.com/webstore/category/extensions?hl=en
click "+ ADD TO CHROME"


now after we downloaded chrome and cookie editor,lets strat for real-
get in vuln site.
for example-
http://www.caucusforamerica.com/opinion.art.php
not id=1 or search box. lets do it with cookie sqli.
click the cookie editor sign


and add ' to the value "sessID"
and hit sumbit.
error!


for advanced-
we can learn from the error:
-one n.o.columns
-mq off
-full path /home/americas/public_html/admin/
for beginners-
lets try finding n.o.columns (number of columns) with group by.
click the cookie editor sign and write
Code:
' group by 2--+
Spoiler (Click to View)
Unknown column '2' in 'group statement'
so
Code:
' union select 1 and 'a'='a
(the 'a'='a part is for closing a string)
NOTICE: we cant use union here cause the query get inside a "insert into" query..but union will work on other site.
you can use 'and' for extract data (' and (select 1 from table)--+)


hope you learned something