Azrael - 6 months ago
Javascript Question

preventing javascript injections from navigation bar

I was playing around with cookies and stuff, until I noticed a website saying that you can easily set cookies via the navigation bar with one simple code:

javascript: document.cookie="SESSID=IDOFSESSIONHERE;path=/"

While doing this, I could log in on one computer, copy the cookie data to another computer, and set the same cookie via this code; after a refresh I was logged in with the same user.

(just on a simple webpage I made myself)

This seems like a security issue to me. I mean, of course they would first need to get the cookie data, but without that, I imagine that you could do a lot of damage with the
from the cookies aside.

Is there any way to prevent the usage of
from the navigation bar?


The user is the security issue, not JavaScript. The user gave you the session id - i.e. do you give out your keys/passwords to others? If you do, what can the site do? Send around a bloke to look over your shoulder all the time?
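
An added example (not from the original post or its answer) of why the copied cookie logs the second computer in: a constructed in-memory session store for Node.js in which the `SESSID` value alone selects the user, plus an optional server-side check that drops the session when the User-Agent differs from the one seen at login. The names `login`, `sessionIdFrom`, `authenticate` and `demo`, the sample User-Agent strings and the User-Agent binding itself are assumptions for illustration; the binding is a heuristic that only catches a copy made to a different browser.

```javascript
const { randomBytes } = require('node:crypto');

const sessions = new Map(); // session id -> { user, userAgent }

// Log in: issue a fresh random id and remember which client it was issued to.
function login(user, userAgent) {
  const id = randomBytes(16).toString('hex');
  sessions.set(id, { user, userAgent });
  // HttpOnly keeps page scripts from reading the value; it does not stop a
  // person from typing a cookie they already know into their own browser.
  return { id, setCookie: `SESSID=${id}; Path=/; HttpOnly; Secure; SameSite=Lax` };
}

// Pull the SESSID value out of a Cookie request header.
function sessionIdFrom(cookieHeader) {
  for (const part of (cookieHeader || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === 'SESSID') return rest.join('=');
  }
  return null;
}

// Resolve a request to a user. With strict=false the cookie alone decides,
// which is the behaviour described in the question. With strict=true a
// request whose User-Agent differs from the one recorded at login is
// rejected and the session is destroyed, forcing a new login.
function authenticate(req, strict) {
  const id = sessionIdFrom(req.cookie);
  const s = id && sessions.get(id);
  if (!s) return null;
  if (strict && s.userAgent !== req.userAgent) {
    sessions.delete(id);
    return null;
  }
  return s.user;
}

// Constructed walk-through: same cookie presented from two different clients.
function demo() {
  const uaA = 'Browser-A (constructed)';
  const uaB = 'Browser-B (constructed)';
  const cookie = `SESSID=${login('alice', uaA).id}`;
  return {
    original: authenticate({ cookie, userAgent: uaA }, false),
    copied: authenticate({ cookie, userAgent: uaB }, false),
    copiedStrict: authenticate({ cookie, userAgent: uaB }, true),
    afterRevoke: authenticate({ cookie, userAgent: uaA }, true),
  };
}
```

Blocking `javascript:` in the address bar would change none of this, because the server only ever sees the `Cookie` header, however it was set.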