Hacking knowledge series: a rookie's tutorial on Cookies spoofing - vulnerability warning - the black bar safety net

ID MYHACK58:62200713681
Type myhack58
Reporter Anonymous
Modified 2007-01-10T00:00:00


First, a few basic concepts

Cookies spoofing means that, on a system that authenticates users only by their Cookies, you modify the contents of the Cookies to log in with the corresponding user's permissions. (This is my own definition; experts, please don't laugh.)

So what are Cookies? Here is a professional explanation: Cookies are text files stored in the browser's directory that record your visits to a particular site and can only be read back by the site that created them. Each is about 255 characters long and takes up only 4KB of hard disk space. While a user is browsing a site, the Cookies are held in the machine's random access memory (RAM); after the browser exits, they are stored on the user's hard disk. Most of the information stored in Cookies is ordinary: for example, when you browse a site, this file records every keystroke and the address of the visited site. However, many Web sites use Cookies to store private data, such as the registration password, user name, credit card number, etc.

Second, the principle of analysis

Let's first look at how 6kbbs handles login. In login.asp, at lines 113-124, we find the following:


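    ' Failed login: set the error title and a link back to the previous page
    if login=false then
        tl=" Login failed"
        mes=mes&"·<a href='javascript:history.go(-1)'><ccid_file border=0 values='pic/re' align=absmiddle />return to re-fill</a>"
    else
        ' Successful login: user name, password value and user type go into the Cookies
        Response.Cookies(prefix)("lgname")=lgname
        session(prefix&"lgname")=lgname
        Response.Cookies(prefix)("lgpwd")=lgpwd
        Response.Cookies(prefix)("lgtype")=lgtype
        Response.Cookies(prefix)("lgcook")=cook
        ' If the user chose to save the Cookies, set their expiry date
        if cook>0 then
            Response.Cookies(prefix).Expires=date+cook
        end if
    end if ' closes the outer if, which ends after the quoted lines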

Beginners, don't say you're dizzy; if you're dizzy, I'm dizzy too. Let me put this passage another way: if your login fails, it shows you "Login failed" and guides you back to the previous page; otherwise it writes your details into the Cookies. If you chose to save your Cookies, their expiration time is set to the period you chose to save them for.

Having got this far, what do you think? Right: after login it only looks at the Cookies, so if the information in my Cookies is the administrator's, don't I become the administrator? Smart. Read on to see how we do it.

Third, a Cookies spoofing example

Here I take 6kbbs as an example, and assume that you have already obtained the website's database or the administrator's MD5-encrypted password. How do you get it? Search a search engine for the keyword “powered by 6kbbs” and you will see a bunch of 6kbbs websites; the database is at http://www.***.com/bbs/db/6k.mdb (in my tests I found that at least 60% or more of the people using this forum have not changed the default database path; I don't know why). Downloaded it? Then let's begin.

First, register a user and log in. See the Cookies option? It must be selected. I chose to save for a month, because only when you save does it write the Cookies to your machine. Next, open the database. See the Admin table? Ignore everything else; you only need the person whose bd is 1 of 6. If there isn't one, that's fine: wander around their forum, see who the administrator is, then get his account name and encrypted password from the database to spoof with.

Open IECookiesView, a program for viewing and modifying the Cookies on your machine, which makes our Cookies spoofing convenient.

In IECookiesView, find the website you want to spoof. See? There are your user name and MD5-encrypted password. Change these two entries to the administrator's, that is, replace your own with the Admin account and MD5-encrypted password from the database. Click “change cookies”, open a new IE window and visit the forum again. See? You are now the administrator. Oh, and don't cause trouble.


1, Spoofing on this forum only gets you front-end administrator permissions. The back end requires entering a password and uses Session authentication, not Cookies, so our spoofing does not work there.

2, This forum also has an upload vulnerability that allows uploading Trojans. Since many experts have already made animated tutorials on it, I won't write about it here; those who are interested can search for it. Learning about it is fine, just don't do bad things with it.

3, Cookies spoofing exists widely today in programs that do not do Session verification, so if you get the database or the administrator's encrypted password, you may wish to try the Cookie trick; there may be unexpected results.

4, Owing to limited conditions, it was inconvenient to grab screenshots for everyone; please forgive me.
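The difference between the Cookies-only check set up in login.asp and the Session verification mentioned in notes 1 and 3, as an added Python example (not 6kbbs code and not part of the original tutorial). The user table, the password and all function names are constructed for illustration; only the cookie names lgname and lgpwd come from the code above.

```python
import hashlib
import hmac
import secrets

# Constructed sample row standing in for the forum's Admin table.
USERS = {"admin": {"pwd_md5": hashlib.md5(b"S3cret!").hexdigest(), "type": "admin"}}
SESSIONS = {}  # server-side store: random token -> user name


def cookie_only_auth(cookies):
    """Weak pattern: the cookie carries lgname plus the stored MD5, so anyone
    who can read the database already holds a valid credential."""
    row = USERS.get(cookies.get("lgname", ""))
    if row and cookies.get("lgpwd") == row["pwd_md5"]:
        return row["type"]
    return None


def login(name, password):
    """Check the password itself, then issue a random session token.
    MD5 is kept only to match the stored column; hashing is a separate fix."""
    row = USERS.get(name)
    digest = hashlib.md5(password.encode()).hexdigest()
    if row is None or not hmac.compare_digest(digest, row["pwd_md5"]):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = name
    return {"sid": token}


def session_auth(cookies):
    """Session check: the cookie is only a lookup key into server-side state."""
    name = SESSIONS.get(cookies.get("sid", ""))
    return USERS[name]["type"] if name else None


def logout(cookies):
    """Drop the server-side entry so a copied token stops working."""
    SESSIONS.pop(cookies.get("sid", ""), None)


if __name__ == "__main__":
    leaked = {"lgname": "admin", "lgpwd": USERS["admin"]["pwd_md5"]}
    print("cookie-only check:", cookie_only_auth(leaked))
    print("session check:    ", session_auth(leaked))
```

With the session check, a value copied out of the database is useless in a cookie, because the token is random, exists only on the server and disappears at logout.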