2024-03-16 18:44:49 +00:00
|
|
|
id: cookie-injection
|
|
|
|
|
|
|
|
info:
|
|
|
|
name: Parameter based cookie injection
|
|
|
|
author: pdteam
|
|
|
|
severity: info
|
|
|
|
reference:
|
|
|
|
- https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/
|
|
|
|
- https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm
|
2024-06-07 10:04:29 +00:00
|
|
|
metadata:
|
|
|
|
max-request: 1
|
2024-03-23 09:32:51 +00:00
|
|
|
tags: reflected,dast,cookie,injection
|
2024-03-16 18:44:49 +00:00
|
|
|
|
|
|
|
variables:
|
|
|
|
first: "cookie_injection"
|
|
|
|
|
|
|
|
http:
|
2024-03-31 19:55:42 +00:00
|
|
|
- pre-condition:
|
2024-03-26 07:21:56 +00:00
|
|
|
- type: dsl
|
|
|
|
dsl:
|
|
|
|
- 'method == "GET"'
|
2024-03-16 18:44:49 +00:00
|
|
|
|
|
|
|
payloads:
|
|
|
|
reflection:
|
|
|
|
- "{{first}}"
|
|
|
|
|
|
|
|
fuzzing:
|
|
|
|
- part: query
|
|
|
|
type: postfix
|
|
|
|
fuzz:
|
|
|
|
- "{{reflection}}"
|
|
|
|
|
|
|
|
matchers:
|
|
|
|
- type: regex
|
|
|
|
part: header
|
|
|
|
regex:
|
|
|
|
- '(?m)(?i)(^set-cookie.*cookie_injection.*)'
|
2024-06-08 16:02:17 +00:00
|
|
|
# digest: 4a0a004730450221008e8261dd2cb7d91b396e9113182736c74c9d2bf320de2e64cb7f21012c6a8eff022014e9227dd17849eac076639e72ffe2e84da4bb5b4b01cffb95771968b4f0ad21:922c64590222798bb761d5b6d8e72950
|