Articles in category "Web-AppSec" (1)

2021-11-01

Overwriting HttpOnly cookies with Javascript

So I got in contact with Sam Anttila on twitter regarding his article about overwriting HttpOnly enabled cookies using Javascript, which should not be possible. I asked him if he had verified if Firefox exhibits the same behavior. He answered yes and the …