Cross-site cooking
Cross-site cooking is a type of
attacker
to set a cookie for a browser
into the cookie domain of another site server
.
Cross-site cooking can be used to perform session fixation attacks, as a malicious site can fixate the session identifier cookie of another site.
Other attack scenarios may also be possible, for example: attacker
may know of a security vulnerability in server
, which is exploitable using a cookie. But if this security vulnerability requires e.g. an administrator password which attacker
does not know, cross-site cooking could be used to fool innocent users to unintentionally perform the attack.
Cross site. Cross-site cooking is similar in concept to
Origins
The name cross-site cooking and concept was presented by Michał Zalewski in 2006.[1] The name is a mix of "cookie" and "cross-site", attempting to describe the nature of cookies being set across sites.
In Michał Zalewski's article of 2006, Benjamin Franz was credited for his discovery, who in May 1998 reported a cookie domain related vulnerability to vendors. Benjamin Franz published the vulnerability and discussed it mainly as a way to circumvent "privacy protection" mechanisms in popular browsers. Michał Zalewski concluded that the bug, 8 years later, was still present (unresolved) in some browsers and could be exploited for cross-site cooking. Various remarks such as "vendors [...] certainly are not in a hurry to fix this" were made by Zalewski and others.
References
External links
- Cross-Site Cooking article by Michal Zalewski. Details concept, 3 bugs which enables Cross Site Cooking. One of these bugs is the age old bug originally found by Benjamin Franz.