Penetration Testing mailing list archives
Re: [PEN-TEST] altering non-persistent cookies in memory
From: Thomas Reinke <reinke () E-SOFTINC COM>
Date: Wed, 17 Jan 2001 10:43:03 -0500
as another side thought can anyone think of a way a developer might organize a SQL statement that draws data from a cookie could be exploited by the cookie containing SQL statements?
Ack! Trust a cookie as much as you trust any other unreliable data submission vehicle over the web, which is to say, not at all. If you trust the cookie to contain SQL code/data (of any sort) without filtering it for strictly allowed data, then you will have problems. As an example, consider the SQL statement insert into table ('$COOKIEVAR'); Now picture a malicious user setting $COOKIEVAR to email () somedomain com'); delete from table; ... Cheers, Thomas ------------------------------------------------------------ Thomas Reinke Tel: (905) 331-2260 Director of Technology Fax: (905) 331-2504 E-Soft Inc. http://www.e-softinc.com Publishers of SecuritySpace http://www.securityspace.com
Current thread:
- [PEN-TEST] altering non-persistent cookies in memory Hofmeyr, Michael (Jan 16)
- Re: [PEN-TEST] altering non-persistent cookies in memory Philip Stoev (Jan 17)
- Re: [PEN-TEST] altering non-persistent cookies in memory Tom Watson (Jan 17)
- Re: [PEN-TEST] altering non-persistent cookies in memory Dzzie Z (Jan 17)
- Re: [PEN-TEST] altering non-persistent cookies in memory Thomas Reinke (Jan 17)
- Re: [PEN-TEST] altering non-persistent cookies in memory Robert van der Meulen (Jan 17)
- Re: [PEN-TEST] altering non-persistent cookies in memory Erik Peterson (Jan 17)
- Re: [PEN-TEST] altering non-persistent cookies in memory Philip Stoev (Jan 17)