BASIC HACK

Friday 7 September 2012

cookie sql injection,injecting via cookie [session based]

this tut will teach you how how to sql inject via cookie [also known as 'session based' or 'cookie parameter'].
first install chrome and download cookie editor addon from Philip.

after goto vulnerable link:
www.vulnerable.com/x.php
open cookie editor


 and add ' to the value "sessID"
 
 and hit sumbit.
error!

 for advanced-
we can learn from the error:
-one n.o.columns
-mq off
-full path /home/americas/public_html/admin/
for beginners-
lets try finding n.o.columns (number of columns) with group by.
click the cookie editor sign and write

Code:
' group by 2--+
Unknown column '2' in 'group statement'
so
Code:
' union select 1 and 'a'='a
(the 'a'='a part is for closing a string)
NOTICE: we cant use union here cause the query get inside a "insert into" query..but union will work on other site.
you can use 'and' for extract data (' and (select 1 from table)--+)
hope you learned something....

2 comments: