Cook bombs, or how to put the Internet
Did you know that the subdomain sub.host.com can set cookies for * .host.com? For sure, yes.
And how much can he put them? Lots of.
And how much will the browser send them later? Everything!
And what happens if you “spam” the main domain with your cookie bombs? On the entire .host.com system, all requests will have a super long cookie header added by the browser, and these requests will not be processed by the server due to the size being too large.
Simply speaking, after visiting a special page, you will not be able to visit, for example, such sites: * .wordpress.com, * .imtqy.com, your “ecosystem” of Google will break if I spam, googleusercontent, and do not forget about Content Delivery Network - having spammed the main domain network_name.net, all JS and styles stored there will no longer be loaded!
')
Moreover, you can "spam" so a specific / dontlike way, for example, a competitor post on blobspote / toggle / wordpress.
I propose to discuss how to fix this problem.
And how much can he put them? Lots of.
And how much will the browser send them later? Everything!
And what happens if you “spam” the main domain with your cookie bombs? On the entire .host.com system, all requests will have a super long cookie header added by the browser, and these requests will not be processed by the server due to the size being too large.
Simply speaking, after visiting a special page, you will not be able to visit, for example, such sites: * .wordpress.com, * .imtqy.com, your “ecosystem” of Google will break if I spam, googleusercontent, and do not forget about Content Delivery Network - having spammed the main domain network_name.net, all JS and styles stored there will no longer be loaded!
')
Moreover, you can "spam" so a specific / dontlike way, for example, a competitor post on blobspote / toggle / wordpress.
I propose to discuss how to fix this problem.
Source: https://habr.com/ru/post/209536/
All Articles