Cross-site Cooking

Cross-site cooking is a type of browser exploit which allows an attacking site to set a cookie in the browser for the cookie domain of another site's server.

Cross-site cooking can be used to perform session fixation attacks, as a malicious site can fixate the session identifier cookie of another site.
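A server-side defence against the session fixation scenario above, shown as an added example that is not part of the original article. The `SessionStore` class, its method names and the sample values are hypothetical; the store never adopts a session identifier it did not issue, and it rotates the identifier at login.

```python
import secrets


class SessionStore:
    """Minimal in-memory session store (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}  # session id -> session data

    def _new_id(self):
        return secrets.token_urlsafe(32)

    def open(self, cookie_sid=None):
        """Return (sid, data). An id the server did not issue is never adopted."""
        if cookie_sid in self._sessions:
            return cookie_sid, self._sessions[cookie_sid]
        sid = self._new_id()
        self._sessions[sid] = {"user": None}
        return sid, self._sessions[sid]

    def login(self, cookie_sid, user):
        """Rotate the id on authentication so any pre-login value is dead."""
        old_sid, data = self.open(cookie_sid)
        del self._sessions[old_sid]
        new_sid = self._new_id()
        self._sessions[new_sid] = dict(data, user=user)
        return new_sid

    def user_for(self, cookie_sid):
        data = self._sessions.get(cookie_sid)
        return data["user"] if data else None


def demo():
    store = SessionStore()
    # Case 1: the cookie holds a value this server never issued (constructed).
    planted = "value-set-by-another-site"
    sid, _ = store.open(planted)
    # Case 2: the cookie holds a valid anonymous id that a third party also knows.
    known_id, _ = store.open()
    victim_sid = store.login(known_id, "alice")
    return {
        "planted_adopted": sid == planted,
        "known_id_user": store.user_for(known_id),
        "victim_user": store.user_for(victim_sid),
    }


if __name__ == "__main__":
    print(demo())
```

In both cases the identifier that was in the cookie before login maps to no authenticated session afterwards.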

Other attack scenarios may also be possible. For example, an attacker may know of a security vulnerability in a server which is exploitable using a cookie. If exploiting this vulnerability requires, for example, an administrator password which the attacker does not know, cross-site cooking could be used to fool innocent users into unintentionally performing the attack.

Cross-site

Cross-site cooking is similar in concept to cross-site scripting, cross-site request forgery, cross-site tracing, cross-zone scripting, etc., in that it involves the ability to move data or code between different web sites (or in some cases, between e-mail / instant messages and sites). These problems are linked to the fact that a web browser is a shared platform for different information / applications / sites. Only the logical security boundaries maintained by browsers ensure that one site cannot corrupt or steal data from another. However, a browser exploit such as cross-site cooking can be used to move things across those logical security boundaries.
