Cross-site cooking is a type of browser exploit which allows an attacking site to set a cookie in a browser for the cookie domain of another site's server.
Cross-site cooking can be used to perform session fixation attacks, as a malicious site can fixate the session identifier cookie of another site.
Other attack scenarios may also be possible. For example, an attacker may know of a security vulnerability in a server that is exploitable using a cookie. If that vulnerability requires, for example, an administrator password which the attacker does not know, cross-site cooking could be used to fool innocent users into unintentionally performing the attack.
Cross site
Cross-site cooking is similar in concept to cross-site scripting, cross-site request forgery, cross-site tracing, cross-zone scripting etc., in that it involves the ability to move data or code between different web sites (or in some cases, between e-mail / instant messages and sites). These problems are linked to the fact that a web browser is a shared platform for different information / applications / sites. Only the logical security boundaries maintained by browsers ensure that one site cannot corrupt or steal data from another. However, a browser exploit such as cross-site cooking can be used to move things across those logical security boundaries.
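For cookies, the logical boundary described above is the check a browser makes on a cookie's Domain attribute before storing it. The following is an added example, not part of the original post: it sketches the RFC 6265 storage rules (sections 5.1.3, 5.2.3 and 5.3) in JavaScript. The hostnames and the three-entry `PUBLIC_SUFFIXES` set are constructed stand-ins; a real browser consults the full Public Suffix List.

```javascript
// Added example: Domain-attribute checks applied before a cookie is stored.
// PUBLIC_SUFFIXES is a constructed stand-in for the real Public Suffix List.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// RFC 6265 section 5.1.3: the host domain-matches the domain if both are
// identical, or if the host is not an IP address and ends with "." + domain.
function domainMatches(host, domain) {
  if (host === domain) return true;
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Decide whether a cookie received from requestHost with the given Domain
// attribute may be stored, and which hosts it will later be sent to.
function evaluateCookieDomain(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  // Section 5.2.3: lowercase the attribute and ignore one leading dot.
  let domain = (domainAttr || "").toLowerCase();
  if (domain.startsWith(".")) domain = domain.slice(1);

  if (domain === "") {
    return { accepted: true, hostOnly: true, domain: host, reason: "no Domain attribute" };
  }
  // Section 5.3 step 5: a cookie scoped to a public suffix would be shared by
  // every site under that suffix, so it is only kept as a host-only cookie
  // when the suffix is the request host itself.
  if (PUBLIC_SUFFIXES.has(domain)) {
    if (domain === host) {
      return { accepted: true, hostOnly: true, domain: host, reason: "suffix equals host" };
    }
    return { accepted: false, hostOnly: false, domain: null, reason: "public suffix" };
  }
  // Section 5.3 step 6: the setting host must itself fall inside the domain.
  if (!domainMatches(host, domain)) {
    return { accepted: false, hostOnly: false, domain: null, reason: "no domain match" };
  }
  return { accepted: true, hostOnly: false, domain, reason: "domain match" };
}

// Constructed sample inputs: [request host, Domain attribute].
const samples = [
  ["forum.example.com", "example.com"],      // parent domain of the setter
  ["forum.example.com", "shop.example.org"], // unrelated site
  ["forum.example.com", ".com"],             // whole public suffix
  ["badexample.com", "example.com"],         // string suffix, not a label boundary
];
for (const [h, d] of samples) console.log(h, d, evaluateCookieDomain(h, d).reason);
```

A client that omits either rejection branch is the kind of gap that lets one site place a cookie in another site's cookie domain.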