Session Cookie Injection occurs when a web application assigns session cookies to users using untrusted data.
Session cookies are used by web applications to identify users. Thus, controlling these enable control over the identity of the users within the
application.
The injection might occur via a GET parameter, and the payload, for example, https://example.com?cookie=injectedcookie, delivered using phishing techniques.
What is the potential impact?
A well-intentioned user opens a malicious link that injects a session cookie in their web browser. This forces the user into unknowingly browsing a
session that isn’t theirs.
Below are some real-world scenarios that illustrate some impacts of an attacker exploiting the vulnerability.
Sensitive data disclosure
A victim introduces sensitive data within the attacker’s application session that can later be retrieved by them. This can lead to a variety of
implications depending on what type of data is disclosed. Strictly confidential user data or organizational data leakage have different impacts.
Vulnerability chaining
An attacker not only manipulates a user into browsing an application using a session cookie of their control but also successfully detects and
exploits a self-XSS on the target application.
The victim browses the vulnerable page using the attacker’s session and is affected by the XSS,
which can then be used for a wide range of attacks including credential stealing using mirrored login pages.
