Cookies are messages that a web servers sends to the web browser when visited the Internet sites. Cookies are basically used to track website activities. While visiting a visit site, the server gives a cookie that acts as an identification card. On requesting for another page on the same site, the browser passes that cookie back to the server. In this way, a web server can collect information about which web pages are mostly used by the user.
Attack: Now the information gathered from these cookies can be read only by the particular website that creates those cookies. So in short other servers do not have access to these cookies. However cookies can be stolen by hackers and be used to get unauthorized access to critical data. This can be done using SQL injection or Cross site scripting.
If cookies are in the form of clear text, hexadecimal, base64, hashes, serialized information, hackers can easily determine and decode the same and inject SQL queries.
The solution to prevent such cookie injection is similar to the solution given for session vulnerabilities (mentioned in the above link). In addition to the given solution, another important way through which cookie injection attack can be prevented is:
Check this link to know more on the session vulnerabilities:
Session Vulnerabilities in Web Application