Cookie Poisoning

The Cookie Poisoning attack aims to manipulate, forge or intercept the data stored in HTTP cookies on the user's computer. It makes it possible for the attacker to gain unauthorized access to the web server and steal data or bypass security of your web application.

Many applications keep data stored in the cookies, like user session identifiers, financial data or other sensitive information entered by the user. The data may be used to perform actions like authentication or session hijacking (by means of session identifier), so the attacker may use these poisoned cookies to steal the user's identity or to gain access to your web server.

To prevent from the cookie poisoning attacks, use unique and secure session cookies, limited to a particular site. Don't allow user input to control HTTP Cookies content (names and values). Filter out semicolons which can serve as name and value pair delimiters if query string parameters must be sent in cookie values. If some user inputs must be stored as a cookie, make sure to validate and sanitize the values before passing them to website cookies.

Use HTTPS connections to secure any data transmission to your web server.

ScanRepeat identifies places where cookies in the user's browser may be manipulated by looking for any user-supplied input in query string parameters and POST data and reports every occurrence of such a vulnerability.