Editing local cookie values
I have FireFox, IE 7 and 8, and Chrome. FireFox's Add N Edit Cookies extension won't allow me to change the value to anything with a semicolon in it. Nirsoft's IECookiesView won't show the specific cookie I'm after at all (ASP.NET's session ID cookie).
Are there any other utilities for editing cookies so that I can test this out? My Google-fu seems to be failing me with this one.
Type this into your address bar on the website of the cookie you want to edit. Keep in mind document.cookie is different depending on the domain you are currently viewing. UNION ALL SELECT lname FROM Employee ORDER BY au_lname
Edit: Bobince is right about the semicolon, so here is sql injection without a semicolon.
Tamperdata an addon for firefox has pre-built sql injection and xss strings that you can use for testing outgoing requests. Another option is Acunetix which can test http server variables as well as cookie parameters for xss/sql injection and many more vulnerabilities. The Acuentix xss tester is free. w3af and wapiti are free and open source but they do not test cookie variables.