XXE Injections
Abusing XML Parsers
CORS relaxes SOP.
With overly permissive CORS headers (which can be checked with an OPTIONS preflight request), and depending on whether session-related cookies carry a SameSite attribute and on which endpoints the application exposes, it may be possible to obtain a user's cookie via CSRF.
See SOP.
See CORS.
The presence of the HttpOnly flag on a cookie prevents us from stealing a user's session. Specifically, it blocks us from accessing document.cookie in our JavaScript payloads.
The Secure flag is used to declare that a cookie may only be transmitted over a secure connection (SSL/HTTPS). This flag prevents cookie theft via man-in-the-middle attacks.
As a side note, if this flag is set on a cookie delivered over an HTTP connection, the browser ignores it.
The SameSite flag is an attribute of the Set-Cookie header. It is used to declare when web browsers should send the cookie, depending on how a visitor interacts with the site that set the cookie. This flag is used to help protect against cross-site request forgery (CSRF) attacks. The SameSite attribute may have one of the following values: