Tuesday

Cookie Injection - Website Hacking

Cookie hacking or editing can be very fun and can open a lot of doors. First we need to open a browser window and go to a site that uses cookies. Not sure if the site is using cookies here is some code that will let you know if the site is using cookies. Type the following code in a empty address bar.

Code: javascript: alert(document.cookie);

This code is very similar to the code we learned in the basics section. What it does is open an alert box that outputs the cookie file information for the current site. With this little piece of code you should start to see the power of the alert command.

Now that we have seen what data the cookie has in it, let’s change some things. On the site I used when I executed the code above I got “PHPSESSID=5b391ba8c4969af84eb426d469abba1″. The follow code is the code I used to change my cookie value. Depending on your cookie you may need to edit the code or the following code will just be appended to the end of the cookie.

Code: javascript: void(document.cookie=”PHPSESSID = hacked”); alert(document.cookie);

In the code above the PHPSESSID value is changed to hacked and then an alert box is output showing the change to the cookie.

Notice the void command after the javascript declaration. Void is used to return a null value so the browser will not be able to load a new page. Cookie editing can open many doors in the following example you will see how you could hack your way into a website with poor authorization.

Let’s say you find a site that has restricted access to several pages. You check the cookie from the site to see if it is doing anything. The cookie outputs this: loggedIn=no. If you change that value to yes you could get access to the restricted pages without logging like a normal user. The following code changes the cookie value and displays the new value:

Code: javascript: void(document.cookie=”loggedIn=yes”); alert(document.cookie);

For more information on how to improve the website quality, please visit all our websites provided on top-right of this website. If you feel this post is useful, leave us your valuable comment.

No comments:

Providing tips to improve website quality, website speed, website design and website performance is the main objective of this blog. Improving website quality and website performance increases website traffic and page rank. Details on Web technologies, Quality website design, SEO concepts, Developer guides, and website related in IT industry.