Answer:
Using a cross-site scripting (XSS) attack, the attacker can steal the cookie and send it to their own server in various ways. One of them is by executing a client-side script in the victim's browser.
Explanation:
- The attacker submits malicious code through a vulnerable form, which injects the payload into the database of a website that the victim visits.
- The victim uses their browser to request the website from the server.
- The browser receives the web page along with the payload (the malicious code that the attacker has injected) from the server.
- The victim's browser executes the malicious code, which is present in the HTML body of the web page.
- This sends the victim's cookie to the attacker's server.
- When the HTTP request arrives at the attacker's server, the attacker can get the cookie from that HTTP request and use the victim's cookie.
Hence the answer is:
- Web browsers send the cookies for eecs485.org with every HTTP request that loads a script
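
The steps above depend on two things: stored text being returned as markup, and the cookie being readable by page script. The following is an added example, not part of the original answer, showing the vulnerable rendering beside output escaping, plus a check for cookies set without `HttpOnly`. All function names and sample values are constructed for illustration.

```javascript
// Added example: defences against the stored-XSS cookie theft described above.
// Function names and sample values are assumptions, not from the original page.

// Escape the characters that let text break out of HTML content or
// quoted attribute values.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the stored value is placed in the page as markup, so a stored
// <script> element is executed by the victim's browser.
function renderCommentUnsafe(comment) {
  return `<li class="comment">${comment}</li>`;
}

// Hardened: the stored value is escaped on output and displayed as text.
function renderCommentSafe(comment) {
  return `<li class="comment">${escapeHtml(comment)}</li>`;
}

// Session cookie with HttpOnly, so page script cannot read it through
// document.cookie even if an injection is missed somewhere.
function sessionCookie(name, value) {
  return `${name}=${value}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Audit helper: names of cookies whose Set-Cookie header lacks HttpOnly,
// i.e. the cookies an injected script would be able to read.
function scriptReadableCookies(setCookieHeaders) {
  const exposed = [];
  for (const header of setCookieHeaders) {
    const [pair, ...attrs] = header.split(";").map((part) => part.trim());
    if (!attrs.some((a) => a.toLowerCase() === "httponly")) {
      exposed.push(pair.split("=")[0]);
    }
  }
  return exposed;
}

// Constructed sample data.
const storedComment = "Nice post <script>/* injected code would run here */</script>";
const sampleHeaders = [
  "session=constructed-value; Path=/",
  sessionCookie("session2", "constructed-value"),
  "theme=dark; Path=/",
];
console.log(renderCommentUnsafe(storedComment));
console.log(renderCommentSafe(storedComment));
console.log(scriptReadableCookies(sampleHeaders));
```

Escaping on output stops the injected code from running at all; `HttpOnly` limits what a script can read if an injection point is missed.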