{"id":7273,"date":"2013-04-11T20:06:52","date_gmt":"2013-04-12T01:06:52","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=7273"},"modified":"2013-04-11T20:06:52","modified_gmt":"2013-04-12T01:06:52","slug":"yummy-cookies-across-domains","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2013\/04\/11\/yummy-cookies-across-domains\/","title":{"rendered":"Yummy Cookies Across Domains"},"content":{"rendered":"<p><a href=\"https:\/\/github.com\/blog\/1466-yummy-cookies-across-domains\">Vicent Mart&iacute;<\/a> (via <a href=\"https:\/\/alpha.app.net\/lapcat\/post\/4665419\">Jeff Johnson<\/a>):<\/p>\n<blockquote cite=\"https:\/\/github.com\/blog\/1466-yummy-cookies-across-domains\"><p>As we&rsquo;ve seen, by overflowing the cookie jar in the web browser, we can craft\nrequests with evil cookies that cannot be blocked server-side. There&rsquo;s nothing\nparticularly new here: Both Egor&rsquo;s original proof of concept and the variations\nexposed here have been known for a while.<\/p><p>As it stands right now, hosting custom user content under a subdomain is simply\na security suicide, particularly accentuated by Chrome&rsquo;s current implementation choices.\nWhile Firefox handles more gracefully the distinction between Parent Domain and Subdomain\ncookies (sending them in more consistent ordering, and separating their storage to prevent overflows\nfrom a subdomain), Chrome performs no such distinction and treats session\ncookies set through JavaScript the same way as <code>Secure HttpOnly<\/code> cookies set from the server,\nleading to a very enticing playground for tossing attacks.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Vicent Mart&iacute; (via Jeff Johnson): As we&rsquo;ve seen, by overflowing the cookie jar in the web browser, we can craft requests with evil cookies that cannot be blocked server-side. 
There&rsquo;s nothing particularly new here: Both Egor&rsquo;s original proof of concept and the variations exposed here have been known for a while. As it stands right now, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[48,96],"class_list":["post-7273","post","type-post","status-publish","format-standard","hentry","category-technology","tag-security","tag-web"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/7273","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=7273"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/7273\/revisions"}],"predecessor-version":[{"id":7274,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/7273\/revisions\/7274"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=7273"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/
blog\/wp-json\/wp\/v2\/categories?post=7273"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=7273"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}