hacktricks/cookie-bomb-+-onerror-xs-leak.md at 6937d302e7773bd74f2a9f61a920bc1ff70754a3 - hacktricks - Commercial git is dead.

maride/hacktricks

mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00

HackTricks News Bot f740b52e29 Add content from: Research Update: Enhanced src/pentesting-web/xs-search/cooki...

2025-08-22 01:29:27 +00:00

7.0 KiB

Raw Blame History

{{#include ../../banners/hacktricks-training.md}}

This technique combines:

Cookie bombing: stuffing the victim’s browser with many/large cookies for the target origin so that subsequent requests hit server/request limits (request header size, URL size in redirects, etc.).
Error-event oracle: probing a cross-origin endpoint with a