Cookie Poisoning

Session Poisoning, Cookie Poisoning

Session poisoning or Session Pollution is a term used to refer to security exploit when an invalidated input is assigned to session variables which then gets carried over to other pages opening the supposed to be secured pages to outside world.

It can also refer to a state when more than one application shares the same session variable which when modified without necessary validation causes a race condition.

There is a possibility for an attack or a session hijack when the external agent gets control over the session variable used by victim on the server. Both the agent and the victim needs to have access on the same server for such attacks to take place.

When the same scenario happens on the cookie variables, it is called cookie poisoning.

Precaution to avoid such hijacks are to validate each condition if a cookie or a session is shared or if values are assigned to session or cookies. In such cases, it is also advisable to use a secured transaction path to avoid such attacks.

Share it onShare on FacebookShare on Google+Tweet about this on TwitterShare on LinkedIn
Kurinchi Calendar
June 2017
M T W T F S S
« Apr    
 1234
567891011
12131415161718
19202122232425
2627282930