Examples of advanced deception techniques using cookie files

2007-05-15T00:00:00
ID MYHACK58:62200715449
Type myhack58
Reporter Anonymous
Modified 2007-05-15T00:00:00

Description

First, a few basic concepts

Cookie deception (cookie spoofing) applies to systems that authenticate users only by their cookies: by modifying the contents of the cookie, you obtain the corresponding user's permissions and are logged in as that user.

So what are cookies? Here is a professional explanation: cookies are text files stored in the browser directory that record your visits to a particular site and can only be read back by the site that created them. Each is about 255 characters and takes up only 4 KB of space. While a user is browsing a site, the cookie is held in the random access memory (RAM) of the user's machine; after the browser exits, it is stored on the user's hard disk. Most of the information stored in cookies is ordinary: for example, when you browse a site, the file records keystroke information and the address of the visited site. However, many websites use cookies to store private data, such as the registration password, user name, credit card number, and so on.

Second, analysis of the principle

Let us first look at how 6kbbs handles login. In login.asp, at lines 113-124, we find the following:

if login=false then
    tl=" Login failed"
    mes=mes&"·Return to re-fill out the"
else
    response.cookies(prefix)("lgname")=lgname
    (prefix"lgname")=lgname
    response.cookies(prefix)("lgpwd")=lgpwd
    response.cookies(prefix)("lgtype")=lgtype
    response.cookies(prefix)("lgcook")=cook
    if cook>0 then
        response.cookies(prefix).expires=date+cook
    end if

To put this passage another way: if your login fails, it shows you "Login failed" and directs you back to the previous page; otherwise it writes your login details into the cookie, and if you chose to save the cookie, its expiration time is set to the period you chose to save it for.

Having read this far, what do you think? Right: after login, the site relies only on the cookie, so if the information in my cookie is the administrator's, don't I become the administrator? Clever. Read on to see how it is done.

Third, a cookie spoofing example

Here I take 6kbbs as the example, and assume that you have already obtained the website's database or the administrator's MD5-encrypted password. How to get it? Search a search engine for the keyword “powered by 6kbbs” and you will see a number of 6kbbs websites.

First, register a user and then log in. See the cookie option? One must be selected. I chose to save for a month, because only when you save does the site write the cookie to your machine. Next, open the database and look at the admin table; besides you there are others, and you just need the person whose bd is 1 of 6. If you cannot tell, that is fine: browse their forum, see who the administrator is, then take his account name and encrypted password from the database to use for the spoof.

Open IECookiesView, a tool for viewing and modifying the cookies on your machine, which makes cookie spoofing convenient.

In IECookiesView, find the website you want to spoof. See? It holds your user name and MD5-encrypted password. Change these two entries to the administrator's, that is, replace your own values with the admin account and MD5-encrypted password just taken from the database. Click “change cookies”, open a new IE window and visit the forum again. See? You are now the administrator.

Digression

1. Spoofing on this forum only gets you front-end administrator permissions. The back end requires a password and uses session authentication, not cookies, so our spoof does not work there.

2. This forum also has an upload vulnerability that allows Trojans to be uploaded. Since many experts have already produced animated tutorials, I will not write about it here; those interested can search for it. Learning about it is fine, just do not do bad things.

3. Cookie spoofing is widespread today in programs that do no session validation, so if you obtain the database or the administrator's encrypted password, you may wish to try the cookie trick; there may be unexpected results.
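The difference between the cookie check analysed in the second section and the session validation mentioned in notes 1 and 3, as an added Python model that is not 6kbbs code and not the author's. The cookie keys lgname and lgpwd come from the page; the user table, the function names and the "sid" cookie are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample user table: name -> (stored MD5 hex, type). MD5 is kept
# only to mirror the page; a salted, slow password hash is the right storage.
USERS = {
    "admin": (hashlib.md5(b"constructed-admin-pw").hexdigest(), "admin"),
    "guest": (hashlib.md5(b"constructed-guest-pw").hexdigest(), "user"),
}
SESSIONS = {}  # server-side state: random token -> user name

def weak_auth(cookies):
    """Pattern described on the page: identity is whatever the cookie claims,
    checked only against the stored hash, so the hash works as the password."""
    row = USERS.get(cookies.get("lgname", ""))
    if row and cookies.get("lgpwd") == row[0]:
        return cookies["lgname"]
    return None

def login(name, password):
    """Hardened login: verify the password, then issue an opaque random token."""
    row = USERS.get(name)
    digest = hashlib.md5(password.encode()).hexdigest()
    if row is None or not hmac.compare_digest(digest, row[0]):
        return None
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = name
    return {"sid": token}

def session_auth(cookies):
    """Hardened check: the cookie carries only a token resolved server-side."""
    return SESSIONS.get(cookies.get("sid", ""))

def cookie_from_db_row(name):
    """Test fixture: the values a leaked database row contains (no password)."""
    return {"lgname": name, "lgpwd": USERS[name][0]}

if __name__ == "__main__":
    leaked = cookie_from_db_row("admin")
    print("cookie-only check accepts leaked row:", weak_auth(leaked))
    print("session check accepts leaked row:    ", session_auth(leaked))
    print("session check after real login:      ",
          session_auth(login("guest", "constructed-guest-pw")))
```

With the session form, a leaked hash is no longer usable as a credential in the cookie, and a session can be revoked by deleting its entry on the server.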