Web applications attacks/Cookie injection
The majority of web applications are based on an authentication mechanism that enables to define user privileges. This mechanism is based on sessions. It defines cookies which validity period depends on the parameters. If the controls are only based on these cookies, the application is likely to be vulnerable, since cookies are saved on local machines. Hence, it is easy to modify their values or manually create new cookies.
- HackThisSite.org, Realistic, Level 8 shows how to modify the value of a cookie to change the user's privileges.
- HackThisSite.org, Realistic, Level 9 shows a Remote File Inclusion (RFI) attack that steals someone's cookies and how to use the stolen information to escalate privileges.
- HackThisSite.org, Realistic, Level 10 shows how to escalate privileges by only changing a cookie value (admin=1 instead of admin=0)