2 votes
Consider the attack scenario given below:

Step 1: User browses a web page
Step 2: Web server replies with the requested page and sets a cookie on the user’s browser
Step 3: Attacker steals the cookie (sniffing, XSS, phishing attack)
Step 4: Attacker orders a product using the modified cookie
Step 5: Product is delivered to the attacker’s address

Identify the web application attack.

  • Session fixation attack
  • Unvalidated redirects attack
  • Cookie poisoning attack
  • Denial-of-Service (DoS) attack

by User Mamba (8.6k points)

1 Answer

3 votes

Answer:

Cookie Poisoning Attack

Step-by-step explanation:

  • In this scenario, the attacker steals the cookie in step 3 for malicious reasons.
  • Here, the attacker modifies the cookies on the web browser.
  • So, the attacker is poisoning the cookies and using them for online orders in this scenario.
  • As the attacker is poisoning the cookies on the browser, this is called a Cookie Poisoning Attack.
  • In Cookie Poisoning Attacks, control of the browser, the computer and the whole network can be compromised by the attacker.
  • To prevent the Cookie Poisoning Attack, the cookies have to be encrypted for security reasons.
by User Mwaskom (8.7k points)
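An added example, not part of the original question or answer: a server-side check that detects the cookie modification in step 4 of the scenario. It uses an HMAC-SHA256 integrity tag, a different technique from the encryption the answer mentions; the field names, the key handling and the `tamper` test helper are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Assumption: a per-application secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _tag(payload: str, key: bytes) -> str:
    return _b64(hmac.new(key, payload.encode(), hashlib.sha256).digest())


def issue_cookie(fields: dict, key: bytes = SERVER_KEY) -> str:
    """Serialize the fields and append an HMAC-SHA256 tag computed over them."""
    payload = _b64(json.dumps(fields, sort_keys=True).encode())
    return f"{payload}.{_tag(payload, key)}"


def read_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return the fields if the tag verifies, otherwise None (reject the request)."""
    try:
        payload, tag = cookie.split(".")
        # Constant-time comparison of the presented tag with the expected one.
        if not hmac.compare_digest(tag.encode(), _tag(payload, key).encode()):
            return None
        return json.loads(_unb64(payload))
    except ValueError:  # wrong shape, bad base64 or bad JSON
        return None


def tamper(cookie: str, **changes) -> str:
    """Test helper: rewrite fields as a client could, keeping the old tag."""
    payload, tag = cookie.split(".")
    fields = {**json.loads(_unb64(payload)), **changes}
    return f"{_b64(json.dumps(fields, sort_keys=True).encode())}.{tag}"


if __name__ == "__main__":
    original = issue_cookie({"user": "alice", "ship_to": "1 Example Street"})  # constructed
    print(read_cookie(original))                                  # fields accepted
    print(read_cookie(tamper(original, ship_to="9 Other Road")))  # rejected
```

The tag only detects modification; a cookie stolen in step 3 and replayed unchanged still verifies. Limiting theft is a separate control, for example the `Secure` and `HttpOnly` cookie attributes and short-lived server-side sessions.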