How does cookie injection occur_javascript skills

Let’s study the circumstances under which Cookies will be injected! If you have studied ASP, you should know

Copy code The code is as follows :

Request.QueryString (GET)

or

Copy code The code is as follows:

Request.Form (POST)

Oh, yes, this is what we use to read the specified key sent by the user to the WEB server The value! Sometimes in order to simplify the code, we will write it as

Copy the code The code is as follows:

ID =Request("ID")

This way of writing is simple, but here comes the problem~~~ Let’s first look at how the WEB service reads data. It first gets the data in GET, Instead of fetching the data in POST, it will also fetch the data in Cookies (haha, the book doesn’t say that, I only found out after communicating with Xiao Gao~~ It seems that the book is incomplete~~)

Let's look at the anti-injection system again. It will detect the data in GET and POST. If there are special characters (of course, injection characters here)! It will prohibit the submission of data! But it does not detect the data of Cookies! Here comes the problem~~~How do we test whether there is a Cookies injection problem~Please look at the link below first (used as an example, so the link is not real)
http://www.xxx.com/1.asp ?id=123

If we only enter http://www.xxx.com/1.asp, we cannot see normal data because there are no parameters! We want to know if there is any problem with Cookies (also Is there a Request ("XXX") format problem)? First use IE to enter http://www.xxx.com/1.asp

to load the web page, and the display is abnormal (the reason for not entering parameters) In the IE input box, enter
javascript:alert(document.cookie="id=" escape("123"));
Press Enter, and you will see a dialog box pop up with the following content: id=123 After that, you refresh a web page. If it displays normally, it means that data is collected using the format of
Request("ID")
~~~~. In this format, you can try to inject Cookies and enter it in the input box.
javascript:alert(document.cookie="id=" escape("123 and 3=3"));
Refresh the page. If the display is normal, you can try the next step (if it is not normal, it is possible It is also filtered)
javascript:alert(document.cookie="id=" escape("123 and 3=4"));
Refresh the page. If it does not display normally, it means there is injection~ ~~If the programmer uses
Request.QueryString
or
Request.Form
to collect data, there is no problem with Cookies injection, because the service program reads the data directly from GET or POST. Yes, the WEB server ignores whether cookies contain data, so it cannot be injected using cookies! ~