Month: March 2019

  • Cross domain cookie contamination

    TLDR: XSS attacks can be used to set cookies for sub domains that share the same top level domain. This increases the scope of XSS attacks. In a cloud world; several applications are hosted under the same top level domain. An organization can have hostnames such as: corporate landing page webmail internal […]