
Hacking Methodology • Chapter 1 31
Cookie Poisoning
When a hacker is using “cookie poisoning,” she is usually someone who
has authorized access to the Web application in the first place. The
hacker is usually a registered customer and is familiar with the
application in question. The hacker may alter a cookie stored on her
computer and send it back to the Web site. Because the application does
not expect changes to the cookie, it may process the poisoned cookie. The
effects are usually the changing of fixed data fields, such as changing
prices on an e-commerce site or changing the identity of the user
logged in to the site—or anyone else the hacker chooses. ...
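The following is an added example, not code from the book: it contrasts a server that processes whatever cookie comes back with one that attaches an HMAC tag when issuing the cookie and rejects any cookie whose fields no longer match it. The key, the cookie layout (`fields|tag`) and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

# Constructed server-side secret for this example; a real deployment loads
# a random key from protected configuration and never sends it to the client.
SERVER_KEY = b"example-only-key-not-for-production"


def _tag(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(fields: dict) -> str:
    """Serialize the fields and append an HMAC-SHA256 tag over them."""
    payload = urlencode(sorted(fields.items()))
    return f"{payload}|{_tag(payload)}"


def read_cookie_trusting(cookie: str) -> dict:
    """Weak pattern: parse whatever the browser sent and use it as-is."""
    return dict(parse_qsl(cookie.split("|", 1)[0]))


def read_cookie_verified(cookie: str):
    """Hardened pattern: recompute the tag and reject any mismatch."""
    payload, sep, tag = cookie.rpartition("|")
    if not sep:
        return None  # no tag present at all
    # Compare as bytes in constant time; a non-ASCII tag simply fails.
    if not hmac.compare_digest(_tag(payload).encode(), tag.encode()):
        return None  # fields were altered after the server issued them
    return dict(parse_qsl(payload))


def demo():
    original = issue_cookie({"user": "alice", "price": "49.99"})
    # Constructed altered cookie: a fixed field changed, tag left as issued.
    altered = original.replace("price=49.99", "price=0.01")
    return (
        read_cookie_trusting(altered),   # accepts the changed price
        read_cookie_verified(altered),   # None: alteration detected
        read_cookie_verified(original),  # untouched cookie still accepted
    )


if __name__ == "__main__":
    print(demo())
```

Signing only detects alteration; fields such as prices and the logged-in identity are safer kept on the server and looked up by an unguessable session identifier.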