By ro0ted | June 2, 2013 - 04:40 | Posted in /b/ | Comments Off on #ro0ted #OpNewblood | Cookie Injections
#ro0ted #OpNewblood | Cookie Injections
Every website transmits what are called Web cookies. These things are responsible for the authentication of web processes and for mantaining some informations flowing constantly. For example: When you log in a website with your username and password, cookies will be the responsible for keeping you logged in 🙂
Okay, so let’s go….
If you type in your url bar:
great, you have found your cookies 🙂
time to change them….
let’s suppose you have a cookie named shit and it is false, then you can change them by simply applying some letters to your code:
great, you have edited it 🙂 every time you log in, the value for shit will be true 🙂
Now let’s use that information in more realistic aspects… You get to know of one SQL value and after some hours of study you discover that it is an md5 hash and that it is the admin’s password. Your have two options… Either bruteforcing the hash to get to know which is the password, or you can simply inject the value for the cookies, which is much easier and faster. The hash in this case is the encryption for world, but let’s suppose it is something much more difficult to discover:
7d793037a0760186574b0282f2f435e7 —-> The Hash!!!
Congrats! You’re in with full admin power xD
(Visited 1 times, 1 visits today)
- You can follow any responses to this entry through the RSS 2.0 feed.
- Both comments and pings are currently closed.