Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

- "If you're able to execute your own JS on SUB1.example.com it can cookie-bomb not only your SUB1 but the entire *.example.com network, including example.com"

So you've got to be able to execute JS in a subdomain to plant a cookie bomb that will affect the entire domain.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: