sup.
this tut will teach you how how to sql inject via cookie [also known as 'session based' or 'cookie parameter'].

until now,we know about two methods:
get - via url
http://site.com/*.php?id=1 union select ....
for example
http://www.evt-me.com/newsdetail.php?id=8
post - via box
like this one
code:
http://www.health.gov.mv/ (in the search box)
.

and now,we gonna learn cookie.
lets strat:
first,you need google chrome.
https://www.google.com/chrome/index.html







after you have downloaded,download the addon "cookie editor" from philip.
https://chrome.google.com/webstore/searc...itor?hl=en
click "+ add to chrome"


first,thanks to hooded robin,that gave me the site for testing.thanks man.

now after we downloaded chrome and cookie editor,lets strat for real-
get in vuln site.
for example-
http://www.caucusforamerica.com/opinion.art.php
not id=1 or search box. lets do it with cookie sqli.
click the cookie editor sign





and add ' to the value "sessid"





and hit sumbit.
error!


for advanced-
we can learn from the error:
-one n.o.columns
-mq off
-full path /home/americas/public_html/admin/
for beginners-
lets try finding n.o.columns (number of columns) with group by.
click the cookie editor sign and write


code:
' group by 2--+
code:




unknown column '2' in 'group statement'
so


code:
' union select 1 and 'a'='a
code:

(the 'a'='a part is for closing a string)
notice: we cant use union here cause the query get inside a "insert into" query..but union will work on other site.
you can use 'and' for extract data (' and (select 1 from table)--+)