
Episode 27: Top 7 Esoteric Web Vulnerabilities

Critical Thinking - Bug Bounty Podcast


Cookie Jar Overflow: Exploiting Native Browser Behavior

Cookie bombing is exploiting just like sort of native browser behavior around how cookies are set and sent. With cookie bombing, for example, you can set multiple cookies for the same host on different paths. And that will result in whatever user's browser not being able to access the target website until they clear their cookies. Here's a fun one here. If you do this on a subpart of a website that is not the top URL, because what people will do sometimes is they can't access the website, they'll delete the cookies for the specific website that they're on. That's never in the user's top level browser. It really helps with CVSS stuff like subdomain take
