Stealing HttpOnly cookies with the cookie sandwich technique
SMRTR summary
The "cookie sandwich" technique exploits how servers parse legacy cookies: by using quotes and $Version, it bypasses the HttpOnly flag and can expose sensitive cookies to client-side scripts. It works against Apache Tomcat and some Python frameworks.
SMRTR provides this summary for quick context. The original article belongs to lobste.rs.