This article is a part of our Web Security Knowledge Base (back to index)
Why “Cookie Poisoning” can be dangerous
The Cookie Poisoning attack aims to manipulate, forge or intercept the data stored in HTTP Cookies making it possible for the attacker to steal data and bypass security. Not only this kind of attack can affect client-side application but also the web server or data transmission.
Many applications store in their cookies session IDs, financial data or other sensitive information entered by the user. The attacker may use these poisoned cookies to steal the user's identity for fraud or to gain access to your web server for further attacks.
How to fix “Cookie Poisoning”
Don’t allow user input to control HTTP Cookies content (names and values). Filter out semicolons which can serve as name and value pair delimiters if query string parameters must be sent in cookie values. Also if some of the user inputs must be stored as a cookie, make sure to validate and sanitize the values before passing them to website cookies.
Use HTTPS connections to secure any data transmission.
How does ScanRepeat report “Cookie Poisoning”
ScanRepeat identifies places where cookies may be manipulated by looking for any user-supplied input in query string parameters and POST data and reports every occurrence of such a vulnerability.
Would you like to test your application now against this problem? Sign up for our free trialScan Your Web App Now