10 lines
428 B
Plaintext
10 lines
428 B
Plaintext
Session Cookie Injection occurs when a web application assigns session cookies
|
|
to users using untrusted data.
|
|
|
|
Session cookies are used by web applications to identify users. Thus,
|
|
controlling these enable control over the identity of the users within the
|
|
application.
|
|
|
|
The injection might occur via a GET parameter, and the payload, for example,
|
|
`https://example.com?cookie=injectedcookie`, delivered using phishing
|
|
techniques. |