Which type of attack is capable of stealing cookies from a user's machine?

Cross-site scripting (XSS) is an attack that allows an attacker to inject malicious scripts into content delivered to users. When executed, these scripts run in the context of the user's browser, enabling the attacker to interact with the user's session. One of the common capabilities of these scripts is to access and steal cookies that are stored in the user's browser.

Cookies often contain sensitive information such as session tokens, authentication credentials, and other data that can be used to impersonate the user or gain unauthorized access to their accounts. Once the attacker retrieves these cookies, they can use them to hijack the user's session, thereby compromising the integrity and confidentiality of the user's information.

In contrast, the other options involve different types of vulnerabilities or attacks. SQL injection targets databases, phishing aims to deceive users into providing sensitive information, and denial of service focuses on overwhelming a service to make it unavailable. Each of these plays a different role in cybersecurity breaches and does not specifically involve cookie theft in the way that cross-site scripting does.