Messages - 20141018

Hacking and Security / Query about cookie security and website hacking
« on: October 18, 2014, 11:14:16 pm »
I have a simple login page on a classic asp page.

It takes the username field from a form ("un") and the password ("pw") and does the following with them:

Code:
<%
un = newstr(request.form("un"))
pw = newstr(request.form("pw"))

SQL = "SELECT * from my_table WHERE un = '"&un&"' AND pw = '"&pw&"'"
set cRS = oConn.Execute(SQL)

if cRS.EOF then
%>
<p>Unable to log you in. Please <a href="default.asp">try logging in again</a>.</p>
<%
elseif NOT cRS.EOF then

Response.Cookies("test") = "jeQmV4'QG)Eu'N-XSTC;pZeuwqUsjBdVv>Sqr!]ZhzB{dJ'p-#cYSdwY"
Response.Cookies("test").Expires = Date() + 365
response.redirect "main.asp"

end if
%>

Then I have some simple validation at the top of each page whose content I only want logged in users to be able to see, which does this:

 
Code:
<%
test = Request.Cookies("test")

if test = "" OR test <> "jeQmV4'QG)Eu'N-XSTC;pZeuwqUsjBdVv>Sqr!]ZhzB{dJ'p-#cYSdwY" then response.redirect("default.asp")
%>

I wanted to check - is that naively simple?

Could someone easily hack into my site, by e.g. setting a cookie on their computer, called "test" and whose value = "jeQmV4'QG)Eu'N-XSTC;pZeuwqUsjBdVv>Sqr!]ZhzB{dJ'p-#cYSdwY"?

Or wouldn't it be pretty unlikely someone would guess that string value of "jeQmV4'QG)Eu'N-XSTC;pZeuwqUsjBdVv>Sqr!]ZhzB{dJ'p-#cYSdwY"?

According to this:
http://stackoverflow.com/questions/26430061/classic-asp-cookie-vulnerability

It is totally rubbish.

However, how could a hacker hack into my site? Leaving aside the parameterised input issue, which is a separate issue, why is the cookie method so risky?

Because wouldn't the hacker have to guess the string value of "jeQmV4'QG)Eu'N-XSTC;pZeuwqUsjBdVv>Sqr!]ZhzB{dJ'p-#cYSdwY" to get in, or can they use snooping tools like Wireshark to intercept a user logging into the site?

Wouldn't they still have to be in the right place at the right time to accidentally come across someone trying to log in in the first place in order to get this info? Otherwise, how would they know what to look for, if no activity was going on?

Any advice much appreciated.

Thanks
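
Added example, not part of the original post or the poster's code: a Python model (not ASP) of the server-side difference between the fixed "test" cookie value checked above and a per-login session token. The names `static_check`, `SessionStore` and `demo`, the 30-minute lifetime and the stand-in cookie string are assumptions made for illustration.

```python
import hmac
import secrets
import time

# Constructed stand-in for the hard-coded "test" cookie value in the post.
STATIC_COOKIE = "constructed-static-value"

def static_check(cookie):
    """The post's scheme: one fixed string, identical for every user, with no
    server-side expiry, no user identity and no way to revoke a single copy."""
    return hmac.compare_digest(cookie.encode(), STATIC_COOKIE.encode())

class SessionStore:
    """Per-login random tokens held server-side, bound to a user and an expiry."""
    def __init__(self, ttl_seconds=1800):
        self.ttl = ttl_seconds
        self._sessions = {}  # token -> (username, expires_at)

    def login(self, username, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # fresh CSPRNG output per login
        self._sessions[token] = (username, now + self.ttl)
        return token

    def check(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(token)
        if entry is None:
            return None  # unknown or revoked token
        username, expires_at = entry
        if now >= expires_at:
            del self._sessions[token]  # expired: forget it
            return None
        return username

    def logout(self, token):
        self._sessions.pop(token, None)  # revokes this one session only

def demo():
    store, t0 = SessionStore(ttl_seconds=1800), 1_000_000.0
    alice, bob = store.login("alice", now=t0), store.login("bob", now=t0)
    results = {
        "static_same_for_everyone": static_check(STATIC_COOKIE),
        "tokens_differ": alice != bob,
        "alice_valid": store.check(alice, now=t0 + 60),
        "alice_expired": store.check(alice, now=t0 + 1801),
    }
    store.logout(bob)
    results["bob_after_logout"] = store.check(bob, now=t0 + 60)
    return results
```

In Classic ASP the built-in Session object plays the role of `SessionStore`; whichever token is used, it only stays confidential in transit if the site is served over HTTPS and the cookie is marked Secure.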
