Hi,
This again adds to one of the security measures. Assuming you are storing some very vital information in your websites cookies e.g. transaction id in an e-commerce website.
It will take less than 10 seconds for any hacker to track down your cookies. All he has to do is to copy a code similar to this one:
javascript:alert(document.cookie.split(';').join('\n'))
go to your e-commerce website and paste it in the address bar and hit enter. As soon as he hits the enter button, immediately an alert box shows up listing all the cookies and PHP session id.
I created a simple example.php file with the following:
<?php
session_start();
setcookie("MY_COOKIE","this is the value of the cookie variable");
?>
then I executed example.php. The I copied and pasted "javascript:alert(document.cookie.split(';').join('\n'))" in the address bar and hit enter. This is what I got:
This again adds to one of the security measures. Assuming you are storing some very vital information in your websites cookies e.g. transaction id in an e-commerce website.
It will take less than 10 seconds for any hacker to track down your cookies. All he has to do is to copy a code similar to this one:
javascript:alert(document.cookie.split(';').join('\n'))
go to your e-commerce website and paste it in the address bar and hit enter. As soon as he hits the enter button, immediately an alert box shows up listing all the cookies and PHP session id.
I created a simple example.php file with the following:
<?php
session_start();
setcookie("MY_COOKIE","this is the value of the cookie variable");
?>
then I executed example.php. The I copied and pasted "javascript:alert(document.cookie.split(';').join('\n'))" in the address bar and hit enter. This is what I got:
Apart from the above, every browser provides some way or the other to view the cookies and its values of a particular website. This is the fastest way to find out. This is useful for QA guys, while analyzing website.
Hope this helps.
No comments:
Post a Comment