Is it possible for a malicious website to steal my cookies from another website?

Question

Is it possible for a malicious website to steal my cookies from another website?

From what I understand, document.cookie only gets your cookies for the current site where you are located. Is it possible to bypass a malicious site using iFrame by changing my HTTP header, making a request to the target site, or some other method?

+7

security cookies iframe

Gilbo Jul 19 '10 at 3:35

source share

3 answers

One way to do this is through cross-site scripting attacks. This is a brief overview of how cookie thefts work with XSS.

+9

Chris Jul 19 '10 at 3:49

source share

These methods will not work at all. Iframes prohibits programmatic access to properties such as page content and cookies for pages in another domain. Similarly, Javascript HTTP requests are only allowed in the same domain as the requesting page.

+2

Aardsquid Jul 19 '10 at 3:40

source share

gauravphoenix · Accepted Answer · 2010-07-19T04:46:33+0000

DNS Rebinding can be used to bypass the Same Origin (SOP) policy used by browsers so that one website does not view other website data such as cookies, dom, etc.

Here 's a great video to learn how it works and how to prevent it.

Is it possible for a malicious website to steal my cookies from another website?

More articles: