Author Topic: Cookie injection - Need help!! (Read 726 times)


Offline Hackme_mr

  • NULL
  • Posts: 4
  • Cookies: 0
Hello...!

I have been given a lab work where I need to hack a web site using Cookie SQL Injection. The username (agentjax) and password (password_here) are present in the cookie and editable. After editing the password to something else and you try to login, it gives a generic MySQL error. :o Also, the response cookie contains the original set of username (agentjax) and password (password_here), which means I need to inject in POST method if I am not wrong... I am stuck here and not sure how to bypass the authentication!

Could any of you help me out on this! :(
« Last Edit: November 19, 2014, 09:02:35 am by ande »

Offline RedBullAddicted

  • Moderator
  • Sir
  • *
  • Posts: 519
  • Cookies: 189
I am not an expert on this topic but I guess you need to inject your SQL statement via the cookie content. Use an intercepting proxy or Tamper Data or something like that and change the values of the cookie (for example cookie:user=admin:password=' or '1' = '1 ). If you google for "sqli cookie" you'll find a lot of tutorials and examples.

Cheers,
RBA
Deep into that darkness peering, long I stood there, wondering, fearing, doubting, dreaming dreams no mortal ever dared to dream before. - Edgar Allan Poe

Offline Hackme_mr

  • NULL
  • Posts: 4
  • Cookies: 0
Hi RBA,

Thanks. I have tried editing the cookie with ' or '1'=1' . It's not working though.

Thanks for your reply!



Offline RedBullAddicted

  • Moderator
  • Sir
  • *
  • Posts: 519
  • Cookies: 189
Yep.. that was just an example. There is always a lot of trial and error included with those tasks (at least for me). You get an error when you supply this as password ' or '1' = '1 or does nothing happen? If nothing happens try it with ' or '1' = '2 and see if that makes a difference. As said before I am not an expert on SQLi in any form. Maybe someone else can give you some more tips.
Deep into that darkness peering, long I stood there, wondering, fearing, doubting, dreaming dreams no mortal ever dared to dream before. - Edgar Allan Poe

Offline Hackme_mr

  • NULL
  • Posts: 4
  • Cookies: 0
Alrighty! Thanks...

Offline Hackme_mr

  • NULL
  • Posts: 4
  • Cookies: 0
Cracked this one.


Used: SELECT * FROM users WHERE name = '' OR '1'='1' --;

Gave that in the password cookie and the site was cracked.

Staff note: removed the strange formatting
« Last Edit: November 19, 2014, 08:45:45 am by RedBullAddicted »
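Added example, not code from the thread or from the lab it describes: a minimal Python/sqlite3 model of the login flow discussed above. It puts the defect RBA points at (cookie values concatenated straight into the SQL text) beside a parameterised version of the same lookup, and runs the thread's own inputs through both so the "generic error" from the first post, the behaviour of the tautology, and the fix can all be seen in one place. The `users` table, its two columns, the cookie names `user` and `password`, and the tiny cookie-header parser are assumptions made for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table; the lab's real schema is unknown."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('agentjax', 'password_here')")
    conn.commit()
    return conn


def parse_cookie_header(header):
    """Minimal Cookie-header splitter (assumed format: name=value; name=value).

    Deliberately tolerant of quotes and spaces in values, because that is
    exactly what an attacker-controlled cookie may contain.
    """
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            cookies[name.strip()] = value.strip()
    return cookies


def login_vulnerable(conn, header):
    """Cookie values are pasted into the SQL text: this is the lab's bug."""
    c = parse_cookie_header(header)
    sql = "SELECT name FROM users WHERE name = '%s' AND password = '%s'" % (
        c.get("user", ""), c.get("password", ""))
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # A malformed payload breaks the statement; the application would
        # typically surface this as the "generic error" seen in the thread.
        return ("error", str(exc))
    return ("ok", row[0]) if row else ("denied", None)


def login_safe(conn, header):
    """Same lookup with bound parameters: cookie content is data, never SQL."""
    c = parse_cookie_header(header)
    row = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ?",
        (c.get("user", ""), c.get("password", "")),
    ).fetchone()
    return ("ok", row[0]) if row else ("denied", None)


# Constructed cookie headers: the real credentials, a wrong password, the
# mistyped attempt from the second post, RBA's suggestion, and the final
# comment-terminated payload from the last post.
SAMPLE_COOKIES = {
    "valid":       "user=agentjax; password=password_here",
    "wrong":       "user=agentjax; password=wrong",
    "mistyped":    "user=agentjax; password=' or '1'=1'",
    "tautology":   "user=agentjax; password=' or '1' = '1",
    "commented":   "user=agentjax; password=' OR '1'='1' --",
}


def run_all():
    """Return {label: (vulnerable_result, safe_result)} for every sample."""
    conn = make_db()
    return {
        label: (login_vulnerable(conn, hdr)[0], login_safe(conn, hdr)[0])
        for label, hdr in SAMPLE_COOKIES.items()
    }


if __name__ == "__main__":
    for label, (vuln, safe) in run_all().items():
        print("%-10s vulnerable=%-7s parameterised=%s" % (label, vuln, safe))
```

The parameterised version still accepts the real credentials and rejects everything else, including the inputs that either error out or log in against the concatenated query. Two design notes follow from the thread itself: binding parameters removes the injection regardless of how the cookie is tampered with, and a cookie should carry an opaque random session identifier rather than the username and password, so that there is nothing credential-like in it to edit in the first place.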