S
S
savage_me2017-10-20 17:04:51
JavaScript
savage_me, 2017-10-20 17:04:51

Is it possible to get or set a cookie for the domain where the js file is located?

There is a victim domain. I can create a js file there. An html file with js included cannot, that is, only a js file.
There is my domain. Of course, I can include a js file from the victim's domain.

Is it possible in such a situation to read cookies from the victim's domain or put them on the victim's domain? Or does it not matter where the file is located, the main thing is that it will be called from my domain, which means I can only manipulate my cookies?

This is whitehat, nothing criminal. I try my hand.

Answer the question

In order to leave comments, you need to log in

3 answer(s)
A
Abdula Magomedov, 2017-10-20
@Avarskiy

It doesn't matter where the js file is located. It can only handle cookies of the domain on which it runs for a specific user.

P
Pavel Kornilov, 2017-10-20
@KorniloFF

I can create js file there

So, you can write cookies.

A
Andrey Pavlenko, 2017-10-20
@Akdmeh

No, it's practically impossible. I once asked a question, only "on the contrary." No, cookies only go to the domain where the code is being executed (and not where it is loaded from).
Otherwise, you could include any google.com file and change cookies there?

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question