Question

Consider the attack scenario given below:

Step 1: User browses a web page
Step 2: Web server replies with requested page and sets a cookie on the user’s browser
Step 3: Attacker steals cookie (Sniffing, XSS, phishing attack)
Step 4: Attacker orders for product using modified cookie
Step 5: Product is delivered to attacker’s address
Identify the web application attack.
Session fixation attack
Unvalidated redirects attack
Cookie poisoning attack
Denial-of-Service (DoS) attack

Answer 1

Cookie Poisoning Attack

Step-by-step explanation:

• In this scenario, the attacker steals the cookie in the step 3 for malicious reasons.
• Here, the attacker modifies the cookies on the web browser.
• So, the attacker is poisoning the cookies and using it for online orders in this scenario.
• As the attacker is poisoning the cookies on the browser this is called Cookie Poisoning Attack.
• In Cookie Poisoning Attacks, the control of browser and the computer and the whole network can be compromised to the attacker.
• To prevent the Cookie Poisoning Attack, the cookies have to be encrypted for the security reasons.