huntr · 1esvee1 · C2BC65AF-7B93-4020-886E-8CDAEB0A58EA
Sep 10, 2021 - 7:09 p.m.

in getgrav/grav

2021-09-10 19:09:36
1esvee1
www.huntr.dev
5
cookie path vulnerability
cross-application access
sensitive information compromise

EPSS: 0.001 (percentile 38.8%)

✍️ Description

Developers often set cookies to be accessible from the root context path (“/”). Doing so exposes the cookie to all web applications on the domain. Because cookies often carry sensitive information such as session identifiers, sharing them across applications means a vulnerability in one application can lead to a compromise in another.

🕵️‍♂️ Proof of Concept

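    // Writes the cookie with path '/', so every application on the domain receives it.
    public function setFlashCookieObject($name, $object, $time = 60)
    {
        setcookie($name, json_encode($object), time() + $time, '/');

        return $this;
    }

    // Second fragment: the method that reads the cookie back (its signature is not shown on this page).
    {
        if (isset($_COOKIE[$name])) {
            $object = json_decode($_COOKIE[$name], false);
            // Expires the cookie, again using the root path '/'.
            setcookie($name, '', time() - 3600, '/');
            return $object;
        }
    }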

💥 Impact

A cookie with an overly broad path can be accessed through other applications on the same domain.
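
A path-scoped version of the two flash-cookie methods above, as an added example that is not Grav's code or the reporter's fix. The class name `ScopedFlashCookies`, the `$basePath` parameter and the `secure`/`httponly`/`samesite` settings are assumptions, and the code needs PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper, not part of Grav.
final class ScopedFlashCookies
{
    private string $path;

    // $basePath: URL prefix the application is mounted under, e.g. "/grav" (assumed).
    public function __construct(string $basePath)
    {
        $prefix = trim($basePath, '/');
        if ($prefix === '' || !preg_match('#^[A-Za-z0-9._~/-]+$#', $prefix)) {
            throw new InvalidArgumentException('expected a non-root prefix such as "/grav"');
        }
        $this->path = '/' . $prefix;
    }

    public function set(string $name, $object, int $ttl = 60): bool
    {
        $json = json_encode($object, JSON_THROW_ON_ERROR);
        return setcookie($name, $json, $this->options(time() + $ttl));
    }

    public function take(string $name)
    {
        if (!isset($_COOKIE[$name]) || !is_string($_COOKIE[$name])) {
            return null;
        }
        $object = json_decode($_COOKIE[$name], false);
        // Expire with the same path it was set with, or the browser keeps it.
        setcookie($name, '', $this->options(time() - 3600));
        return $object;
    }

    private function options(int $expires): array
    {
        return [
            'expires'  => $expires,
            'path'     => $this->path, // application prefix instead of '/'
            'secure'   => true,        // assumption: site is served over HTTPS only
            'httponly' => true,        // assumption: no client-side script reads it
            'samesite' => 'Lax',
        ];
    }
}
```

Scoping the path limits which requests carry the cookie. RFC 6265 states that the Path attribute cannot be relied upon for security between applications on one host, so treat it as exposure reduction.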
