Stealing HttpOnly cookies with the cookie sandwich technique

Summary

This article details a "cookie sandwich" technique that allows attackers to bypass the HttpOnly flag on certain web servers. The technique is presented as an evolution of previous research into bypassing Web Application Firewalls (WAFs) using specific cookie manipulations.

IFF Assessment

FOE

This technique allows attackers to steal sensitive session cookies, which can lead to account takeover and unauthorized access to web applications.

Severity

7.5 High (AI Estimated)

This score reflects a high severity: the technique allows unauthorized access to user sessions (Impact: High) and can potentially be exploited remotely with minimal user interaction (Attack Vector: Network, Exploitability: Low). Exploitability depends on the specific cookie-handling behaviour of the affected server.

Defender Context

Defenders should be aware of this advanced cookie manipulation technique and ensure their web applications handle, parse and validate cookies safely, particularly where the HttpOnly flag is relied on as a security control. Keeping web server software and security configurations up to date is crucial to mitigate such vulnerabilities.
