Penetration Testing mailing list archives

Re: [PEN-TEST] altering non-persistent cookies in memory


From: Thomas Reinke <reinke () E-SOFTINC COM>
Date: Wed, 17 Jan 2001 10:43:03 -0500


> as another side thought, can anyone think of a way a developer might
> organize a SQL statement that draws data from a cookie such that it
> could be exploited by the cookie containing SQL statements?

Ack!  Trust a cookie as much as you trust any other unreliable data
submission vehicle over the web, which is to say, not at all.
If you trust the cookie to contain SQL code/data (of any sort) without
filtering it for strictly allowed data, then you will have problems.

As an example, consider the SQL statement (written here as a valid
INSERT against a placeholder table "users")

    insert into users (email) values ('$COOKIEVAR');

Now picture a malicious user setting $COOKIEVAR to

    email@somedomain.com'); delete from users;

...

Cheers, Thomas

------------------------------------------------------------
Thomas Reinke                            Tel: (905) 331-2260
Director of Technology                   Fax: (905) 331-2504
E-Soft Inc.                         http://www.e-softinc.com
Publishers of SecuritySpace     http://www.securityspace.com
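The following is an added, runnable illustration of the point in Thomas's message; it is not code from the original post or from E-Soft. It uses an in-memory SQLite table named "users" (an assumed placeholder), builds the INSERT by string interpolation the way the '$COOKIEVAR' example does, and places it beside two defensive variants: parameter binding, which makes the cookie value plain data, and an allowlist check on the cookie's shape before binding. The cookie value, the table and the e-mail regex are all constructed for this example.

```python
import re
import sqlite3

# Constructed cookie value mirroring the message's example; the address is a placeholder.
MALICIOUS_COOKIE = "email@somedomain.com'); delete from users;"

# Strict allowlist for the cookie: a plain e-mail-shaped token. The pattern is an
# assumption for this example, not a full RFC 5322 validator.
ALLOWED_EMAIL = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def fresh_db():
    """In-memory table with one pre-existing row so a destructive injection is visible."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (email text)")
    conn.execute("insert into users (email) values ('existing@example.com')")
    conn.commit()
    return conn


def row_count(conn):
    return conn.execute("select count(*) from users").fetchone()[0]


def build_vulnerable_sql(cookie_value):
    """String interpolation, exactly the '$COOKIEVAR' pattern from the message."""
    return "insert into users (email) values ('%s');" % cookie_value


def insert_vulnerable(conn, cookie_value):
    """Runs the interpolated text. executescript() accepts several statements, which is
    what lets the injected 'delete' run at all. The fragment left over after the injected
    statements ("');") is malformed, so sqlite raises after the first two statements have
    already executed; that parse error is precisely what should stand out in application
    logs. Returns the rows remaining."""
    try:
        conn.executescript(build_vulnerable_sql(cookie_value))
    except sqlite3.Error:
        pass
    return row_count(conn)


def insert_parameterised(conn, cookie_value):
    """Binds the cookie as a parameter: it is stored as literal data, never parsed as SQL."""
    conn.execute("insert into users (email) values (?)", (cookie_value,))
    conn.commit()
    return row_count(conn)


def insert_hardened(conn, cookie_value):
    """Allowlist first, then bind. Returns ('rejected'|'accepted', rows in table)."""
    if not ALLOWED_EMAIL.match(cookie_value):
        return "rejected", row_count(conn)
    return "accepted", insert_parameterised(conn, cookie_value)


if __name__ == "__main__":
    print("vulnerable, rows left:", insert_vulnerable(fresh_db(), MALICIOUS_COOKIE))
    print("parameterised, rows:", insert_parameterised(fresh_db(), MALICIOUS_COOKIE))
    print("hardened, malicious:", insert_hardened(fresh_db(), MALICIOUS_COOKIE))
    print("hardened, benign:", insert_hardened(fresh_db(), "user@example.com"))
```

Run as a script it shows the interpolated version emptying the table, the parameterised version keeping both rows (the whole cookie string, quote and all, lands in one row), and the allowlisted version refusing the value outright. Binding alone already defeats the injection; the allowlist is the "filtering it for strictly allowed data" step from the message and additionally stops junk from reaching the database at all.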

