Is it possible to get or set a cookie for the domain where the js file is located?

S

savage_me2017-10-20 17:04:51

JavaScript

savage_me, 2017-10-20 17:04:51

There is a victim domain. I can create a js file there. An html file with js included cannot, that is, only a js file.
There is my domain. Of course, I can include a js file from the victim's domain.

Is it possible in such a situation to read cookies from the victim's domain or put them on the victim's domain? Or does it not matter where the file is located, the main thing is that it will be called from my domain, which means I can only manipulate my cookies?

This is whitehat, nothing criminal. I try my hand.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

A

Abdula Magomedov, 2017-10-20
@Avarskiy

It doesn't matter where the js file is located. It can only handle cookies of the domain on which it runs for a specific user.

P

Pavel Kornilov, 2017-10-20
@KorniloFF

I can create js file there

So, you can write cookies.

A

Andrey Pavlenko, 2017-10-20
@Akdmeh

No, it's practically impossible. I once asked a question, only "on the contrary." No, cookies only go to the domain where the code is being executed (and not where it is loaded from).
Otherwise, you could include any google.com file and change cookies there?