This article is a part of our Web Security Knowledge Base (back to index)
Why “Cookie Poisoning” can be dangerous
The Cookie Poisoning attack aims to manipulate, forge or intercept the data stored in HTTP cookies on the user's computer. It makes it possible for the attacker to gain unauthorized access to the web server and steal data or bypass security of your web application.
Many applications keep data stored in the cookies, like user session identifiers, financial data or other sensitive information entered by the user. The data may be used to perform actions like authentication or session hijacking (by means of session identifier), so the attacker may use these poisoned cookies to steal the user's identity or to gain access to your web server.
How to fix “Cookie Poisoning”
To prevent from the cookie poisoning attacks, use unique and secure session cookies, limited to a particular site. Don't allow user input to control HTTP Cookies content (names and values). Filter out semicolons which can serve as name and value pair delimiters if query string parameters must be sent in cookie values. If some user inputs must be stored as a cookie, make sure to validate and sanitize the values before passing them to website cookies.
Use HTTPS connections to secure any data transmission to your web server.
How does ScanRepeat report “Cookie Poisoning”
ScanRepeat identifies places where cookies in the user's browser may be manipulated by looking for any user-supplied input in query string parameters and POST data and reports every occurrence of such a vulnerability.
Would you like to test your application now against this problem? Sign up for our free trialScan Your Web App Now