Thread: Challenge: Can a website modify data in third party cookies?

  1. #1
    Junior Member Leafgreen
    Join Date
    Apr 2008
    Posts
    1

    Challenge: Can a website modify data in third party cookies?

    Consider this scenario:
    A coder ("DevA") has control of two websites: WebsiteA and WebsiteB, but not WebsiteD. WebsiteA and WebsiteB are written in PHP.

    When a user ("MemberA") is logged in at WebsiteA, and clicks on an advertisement ("AdD"), then the final destination of MemberA's browser is WebsiteD. Both WebsiteD and AdD's ad tracking service ("TrackingServiceD") will save the referring URL as www.WebsiteA.com/pageclickedon.php in two different cookies ("CookieD") and ("CookieT") on MemberA's computer. The www.WebsiteA.com/pageclickedon.php value may be encrypted in CookieD and CookieT.

    Can DevA write code to cause WebsiteD and TrackingServiceD to save the referring URL in CookieD and CookieT as www.WebsiteB.com/PageClickedOn.php instead of www.WebsiteA.com/PageClickedOn.php ?

    Other givens:
    1. All other values in CookieD and CookieT (besides www.WebsiteB.com/PageClickedOn.php) must remain unchanged.
    2. DevA has created code that changes the HTTP_REFERER in the HTTP header to www.WebsiteB.com/PageClickedOn.php with a redirect from WebsiteA to WebsiteB before going to WebsiteD. Still, after MemberA clicks on AdA, WebsiteD and TrackingServiceD save the referring URL as www.WebsiteA.com/PageClickedOn.php encrypted in CookieD and CookieT.

  2. #2
    Senior Member
    Join Date
    Nov 2007
    Location
    Phoenix, Arizona
    Posts
    102
    If I understand your questions and given scenario correctly, it sounds like you are referring to "Cross Site Scripting", and yes, it's possible.

    http://en.wikipedia.org/wiki/Cross-site_scripting
    LOGIN: yes
    PASSWORD: I dont have one
    "Login Failed"

  3. #3
    Junior Member
    Join Date
    Apr 2008
    Posts
    1
    No, what you are suggesting cannot be done.

    But your point 2 is the way I would go around it. Have the link of websiteA link to websiteB where it is then bounced to websiteD. It will work; it probably hasn't been implemented correctly.
