Month: March 2019
Cross domain cookie contamination
TLDR: XSS attacks can be used to set cookies for subdomains that share the same top-level domain. This increases the scope of XSS attacks. In a cloud world, several applications are hosted under the same top-level domain. An organization can have hostnames such as:

company.com: corporate landing page
mail.company.com: webmail
intranet.company.com: internal…