Question 174 - 312-38 discussion


John visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1. Original cookie values:

ItemID1=2

ItemPrice1=900

ItemID2=1

ItemPrice2=200

Modified cookie values:

ItemID1=2

ItemPrice1=1

ItemID2=1

ItemPrice2=1

Now, he clicks the Buy button, and the prices are sent to the server that calculates the total price. Which of the following hacking techniques is John performing?

A. Computer-based social engineering

B. Man-in-the-middle attack

C. Cookie poisoning

D. Cross site scripting

Suggested answer: C

Explanation:

John is performing cookie poisoning. In cookie poisoning, an attacker modifies the values of cookies before sending them back to the server. By modifying the cookie values, an attacker can log in to any other user account and perform identity theft. The following figure explains how cookie poisoning occurs:

For example:

The attacker visits an online shop that stores the IDs and prices of the items to buy in a cookie. After selecting the items that he wants to buy, the attacker changes the price of the item to 1.

Original cookie values:

ItemID1=2

ItemPrice1=900

ItemID2=1

ItemPrice2=200

Modified cookie values:

ItemID1=2

ItemPrice1=1

ItemID2=1

ItemPrice2=1

Now, the attacker clicks the Buy button and the prices are sent to the server that calculates the total price.

Another use of a Cookie Poisoning attack is to pretend to be another user after changing the username in the cookie values:

Original cookie values:

LoggedIn=True

Username=Mark

Modified cookie values:

LoggedIn=True

Username=Admin

Now, after modifying the cookie values, the attacker can log in as the admin.
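
The shop scenario above, as an added example (not part of the original question or explanation): a server-side total that trusts the cookie prices, next to two defences, looking prices up by item ID and detecting modification with an HMAC over the cookie. The catalogue, the signing key, the cookie string layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed server-side price list keyed by item ID (assumption: built from
# the prices 900 and 200 the page gives for items 2 and 1).
CATALOGUE = {2: 900, 1: 200}
SECRET = b"demo-key-not-for-production"  # placeholder signing key


def parse_cart(cookie):
    """Parse 'ItemID1=2; ItemPrice1=900; ...' into a list of (item_id, price)."""
    fields = dict(p.strip().split("=", 1) for p in cookie.split(";") if p.strip())
    cart, n = [], 1
    while f"ItemID{n}" in fields:
        cart.append((int(fields[f"ItemID{n}"]), int(fields.get(f"ItemPrice{n}", 0))))
        n += 1
    return cart


def total_trusting_cookie(cookie):
    """Vulnerable: sums the prices exactly as the client sent them."""
    return sum(price for _, price in parse_cart(cookie))


def total_from_catalogue(cookie):
    """Hardened: uses only the item IDs; prices come from server-side data.
    An unknown item ID raises KeyError, so the order is rejected."""
    return sum(CATALOGUE[item_id] for item_id, _ in parse_cart(cookie))


def sign(cookie):
    """Return the HMAC-SHA256 tag the server issues together with the cookie."""
    return hmac.new(SECRET, cookie.encode(), hashlib.sha256).hexdigest()


def is_untampered(cookie, tag):
    """Detect modification: recompute the tag and compare in constant time."""
    return hmac.compare_digest(sign(cookie), tag)


# Constructed cookie strings carrying the values from the question.
ORIGINAL = "ItemID1=2; ItemPrice1=900; ItemID2=1; ItemPrice2=200"
MODIFIED = "ItemID1=2; ItemPrice1=1; ItemID2=1; ItemPrice2=1"

if __name__ == "__main__":
    tag = sign(ORIGINAL)                    # issued with the original cookie
    print(total_trusting_cookie(MODIFIED))  # 2
    print(total_from_catalogue(MODIFIED))   # 1100
    print(is_untampered(MODIFIED, tag))     # False
```
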

Answer option D is incorrect. A cross site scripting attack is one in which an attacker enters malicious data into a website. For example, the attacker posts a message that contains malicious code to a newsgroup site. When another user views this message, the browser interprets and executes this code and, as a result, the attacker is able to take control of the user's system. Cross site scripting attacks require the execution of client-side languages such as JavaScript, Java, VBScript, ActiveX, Flash, etc. within a user's Web environment. With the help of a cross site scripting attack, the attacker can perform cookie stealing, session hijacking, etc.

asked 18/09/2024
Christian Andrew TANAP