- "If you're able to execute your own JS on SUB1.example.com it can cookie-bomb not only your SUB1 but the entire *.example.com network, including example.com"
So you've got to be able to execute JS in a subdomain to plant a cookie bomb that will affect the entire domain.
So you've got to be able to execute JS in a subdomain to plant a cookie bomb that will affect the entire domain.