cookie injection

Although the injection point is in a different location, the principle is the same.

Principle: in the change-password function, the password is modified for the login name that is read from the cookie (loginname), so an injection vulnerability may exist there.

  • Anything you change in the cookie, or any marker you add to it, must be URL-encoded.

1. First, we determine whether injection is possible.
[Image: cookie injection 1]
2. Here we follow the normal procedure: add the injection marker and try blind injection with keywords. That does not work, so we look at the error.
[Image: cookie injection 2]
[Image: cookie injection 3]
Here, for convenience, the database is read directly; following the normal procedure, the next step should be to determine what is being filtered.
[Image: cookie injection 4]
3. From the figure it appears that parentheses are being filtered (in fact, I forgot to URL-encode the parentheses, which gave the false impression that they were filtered), so here we replace them with their URL-encoded form.
[Image: cookie injection 5]
4. The injection succeeds, happy.
[Image: cookie injection 6]
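
The root cause described under "Principle", shown next to its fix. This is an added example, not code from the original post: the table layout, function names and the sample cookie value are constructed, and it assumes the server URL-decodes the cookie before using it.

```python
import sqlite3
from urllib.parse import unquote

def make_db():
    """Constructed sample data: two accounts in an in-memory database.
    (Plaintext passwords only keep the demo short; real systems store hashes.)"""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (loginname TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "old-a"), ("bob", "old-b")])
    return db

def change_password_vulnerable(db, cookie_loginname, new_password):
    """The flawed pattern: the cookie value is concatenated into the SQL text."""
    name = unquote(cookie_loginname)  # assumption: server URL-decodes cookies
    sql = ("UPDATE users SET password = '%s' WHERE loginname = '%s'"
           % (new_password, name))
    return db.execute(sql).rowcount   # number of rows changed

def change_password_safe(db, cookie_loginname, new_password):
    """Hardened form: the cookie value is bound as data, never parsed as SQL."""
    name = unquote(cookie_loginname)
    cur = db.execute("UPDATE users SET password = ? WHERE loginname = ?",
                     (new_password, name))
    return cur.rowcount

def passwords(db):
    """Return {loginname: password} so the effect of each call can be compared."""
    return dict(db.execute("SELECT loginname, password FROM users"))

# Constructed cookie value: the URL-encoded quotes rewrite the WHERE clause
# in the vulnerable version and are plain characters in the safe one.
TAMPERED = "alice%27%20OR%20%271%27%3D%271"

if __name__ == "__main__":
    for fn in (change_password_vulnerable, change_password_safe):
        db = make_db()
        print(fn.__name__, "rows changed:", fn(db, TAMPERED, "x"), passwords(db))
```

Parameter binding removes the injection, but the login name is still client-controlled when it comes from a cookie; the account to update should be taken from the server-side session.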


Origin blog.csdn.net/m0_46230316/article/details/105290942