by jaysoo 5627 days ago
The goal could be CSRF instead of actually reading the cookies. If there's a SessionID cookie for example, you can use JS to GET/POST the request to the server without needing to know the value of SessionID because the browser will send it as part of the request anyway.

The HTTP Response Splitting vulnerability can have many implications; XSS and CSRF attacks are just some examples.


Ah, right. Thanks!