Cross-site Cooking

Cross-site cooking is a type of browser exploit that allows an attacking site to set a cookie in the browser for the cookie domain of another site's server.

Cross-site cooking can be used to perform session fixation attacks, as a malicious site can fixate the session identifier cookie of another site.

Other attack scenarios may also be possible. For example, an attacker may know of a security vulnerability in a server that is exploitable using a cookie. If exploiting that vulnerability requires, e.g., an administrator password that the attacker does not know, cross-site cooking could be used to trick innocent users into unintentionally performing the attack.

Cross site

Cross-site cooking is similar in concept to cross-site scripting, cross-site request forgery, cross-site tracing, cross-zone scripting, etc., in that it involves the ability to move data or code between different web sites (or in some cases, between e-mail / instant messages and sites). These problems are linked to the fact that a web browser is a shared platform for different information / applications / sites. Only the logical security boundaries maintained by browsers ensure that one site cannot corrupt or steal data from another. However, a browser exploit such as cross-site cooking can be used to move things across those logical security boundaries.
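As an added illustration (not part of the original article), the sketch below shows the kind of check a browser applies to the Domain attribute of a Set-Cookie header to keep one site from placing a cookie in another site's cookie domain. It goes beyond the text by following the domain-match and public-suffix rules of RFC 6265; the function names, the trailing-dot normalization and the tiny suffix list are assumptions made for the example.

```javascript
// Constructed, tiny stand-in for the Public Suffix List that real browsers consult.
const PUBLIC_SUFFIXES = new Set(["com", "org", "uk", "co.uk"]);

// Lowercase and drop one trailing dot, so "com." is treated like "com"
// (a defensive normalization chosen for this example).
function normalizeHost(name) {
  return name.toLowerCase().replace(/\.$/, "");
}

// RFC 6265 section 5.1.3: a host domain-matches a cookie domain when both are
// identical, or the host ends with "." + domain and the host is not an IP address.
function domainMatches(host, domain) {
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Decide what to do with the Domain attribute of a cookie set by requestHost.
// Returns { accepted, hostOnly, reason }.
function checkCookieDomain(requestHost, domainAttr) {
  const host = normalizeHost(requestHost);
  if (!domainAttr) {
    return { accepted: true, hostOnly: true, reason: "no Domain attribute" };
  }
  // A leading dot in the attribute value is ignored.
  const domain = normalizeHost(domainAttr.replace(/^\./, ""));
  if (PUBLIC_SUFFIXES.has(domain)) {
    // A cookie scoped to a whole suffix would reach every site under it.
    return domain === host
      ? { accepted: true, hostOnly: true, reason: "public suffix equal to host" }
      : { accepted: false, hostOnly: false, reason: "public suffix" };
  }
  if (!domainMatches(host, domain)) {
    return { accepted: false, hostOnly: false, reason: "no domain match" };
  }
  return { accepted: true, hostOnly: false, reason: "domain match" };
}

// Constructed sample inputs: [host that sent Set-Cookie, Domain attribute value].
const samples = [
  ["www.example.com", "example.com"],
  ["attacker.example.co.uk", ".co.uk"],
  ["attacker.example", "victim.example"],
  ["attacker.com.", "com."],
];
for (const [host, attr] of samples) {
  console.log(host, attr, checkCookieDomain(host, attr).reason);
}
```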
