SQL injection cookie injection

One 、 What is? cookie

cookie Sent by the server and stored in the browser , So the next time this unique visitor comes back to the web server , This information can be read back from the browser . It's very useful , Let the browser remember the specific information of this visitor , Like the location of the last visit 、 Time spent or user preferences

Two 、cookie Injection principle

cookie The principle of injection and others SQL The principle of injection is the same , It's just that we used the previous parameters get perhaps post Mode submission , and cookie Injection parameters we use cookie Submitted by .

3、 ... and 、cookie Injected demo

1. Start by opening sqlilabs/Less-20/index.php, The account number and password entered are admin Log in .

2. Enter the page to see the information displayed by the display bit , You can see that the backend gets the information from cookie Information about

3. open burp suite, Click Run in the browser , Grab the data packet as shown in the figure below

4. stay burp suite Of repeater Module for editing

5. Try to close according to the returned error message

payload：Cookie: uname=admin'and 1=1 --+    Found no error reported . You can do it here cookie Inject

6. Get the current database name （ You can use Boolean blind injection or error reporting injection , Error reporting injection is used here ）

payload：Cookie: uname=admin'and updatexml(1,concat(0x7e,(select database()),0x7e),1) --+

View error message ：