Cross-site cooking is a type of browser exploit which allows a site attacker
to set a cookie for a browser
into the cookie domain of another site server
.
Cross-site cooking can be used to perform session fixation attacks, as a malicious site can fixate the session identifier cookie of another site.
Other attack scenarios may also possible, for example: attacker
may know of a security vulnerability in server
, which is exploitable using a cookie. But if this security vulnerability requires e.g. an administrator password which attacker
does not know, cross-site cooking could be used to fool innocent users to unintentionally perform the attack.
Cross site. Cross-site cooking is similar in concept to cross-site scripting, cross-site request forgery, cross-site tracing, cross-zone scripting etc., in that it involves the ability to move data or code between different web sites (or in some cases, between e-mail / instant messages and sites). These problems are linked to the fact that a web browser is a shared platform for different information / applications / sites. Only logical security boundaries maintained by browsers ensures that one site cannot corrupt or steal data from another. However a browser exploit such as cross-site cooking can be used to move things across the logical security boundaries.
Read more about Cross-site Cooking: Origins
Famous quotes containing the word cooking:
“Housework is a breeze. Cooking is a pleasant diversion. Putting up a retaining wall is a lark. But teaching is like climbing a mountain.”
—Fawn M. Brodie (19151981)