id: cookie-injection

info:
  name: Parameter based cookie injection
  author: pdteam
  severity: info
  reference:
    - https://www.invicti.com/blog/web-security/understanding-cookie-poisoning-attacks/
    - https://docs.imperva.com/bundle/on-premises-knowledgebase-reference-guide/page/cookie_injection.htm
  tags: reflected,dast,cookie,injection

variables:
  first: "cookie_injection"

http:
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'

    payloads:
      reflection:
        - "{{first}}"

    fuzzing:
      - part: query
        type: postfix
        fuzz:
          - "{{reflection}}"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)(?i)(^set-cookie.*cookie_injection.*)'
# digest: 4a0a00473045022100af6e35a8b4c4d4533e339e81393faed157da2e68144557ca3fe73fb16178919c022073127c1b729ab0c8c273cbc022b2aca2b7a91a6c4c314633a20059e6b10e22ed:922c64590222798bb761d5b6d8e72950