nuclei-templates/dast/vulnerabilities/crlf/cookie-injection.yaml

38 lines
982 B
YAML
Raw Normal View History

2024-03-16 18:44:49 +00:00
id: cookie-injection
info:
name: Parameter based cookie injection
author: pdteam
severity: info
reference:
- https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/
- https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm
metadata:
max-request: 1
2024-03-23 09:32:51 +00:00
tags: reflected,dast,cookie,injection
2024-03-16 18:44:49 +00:00
variables:
first: "cookie_injection"
http:
2024-03-31 19:55:42 +00:00
- pre-condition:
2024-03-26 07:21:56 +00:00
- type: dsl
dsl:
- 'method == "GET"'
2024-03-16 18:44:49 +00:00
payloads:
reflection:
- "{{first}}"
fuzzing:
- part: query
type: postfix
fuzz:
- "{{reflection}}"
matchers:
- type: regex
part: header
regex:
- '(?m)(?i)(^set-cookie.*cookie_injection.*)'
# digest: 4a0a004730450221008e8261dd2cb7d91b396e9113182736c74c9d2bf320de2e64cb7f21012c6a8eff022014e9227dd17849eac076639e72ffe2e84da4bb5b4b01cffb95771968b4f0ad21:922c64590222798bb761d5b6d8e72950