Vendor: MyApp
By: John Doe
CVSS: 7.8 (HIGH)
Title: Cookie Injection
CWE: 79
Product Name: MyApp
Affected Version From: 1
Affected Version To: 2
Patch Exists: Yes
Related CWE: CVE-2020-12345
CPE: a:example:myapp:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
Year: 2020

Cookie Injection Vulnerability

Cookie Injection is a vulnerability in which an attacker places malicious content into a legitimate web browser cookie. Because the application trusts the cookie, the injected content can be used to gain access to a user's account or to sensitive information. The attacker can also alter the contents of the cookie to bypass authentication or authorization checks, or use the injected content to redirect the user to a malicious website.

Mitigation:

The best mitigation for Cookie Injection is to validate and sanitize every cookie before the application uses it. Cookies should also be encrypted, with the encryption keys kept secure, and every cookie should be set to expire after a fixed period of time.
Source

Exploit-DB raw data:

The following examples are available:

+++
GET /myapp/MyCookies HTTP/1.1
Host: localhost
Cookie: name="val " ue"
Cookie: name1=moi
+++

http://www.example.com/examples/servlets/servlet/CookieExample?cookiename=test&cookievalue=test%5c%5c%22%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC%3B+Path%3D%2Fservlets-examples%2Fservlet+%3
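The validation step the mitigation above calls for, as an added example in Python (not code from MyApp or from the Exploit-DB entry): a strict RFC 6265 cookie name/value check run against the two payloads quoted on this page. The `cookievalue` string is the page's own, cut before its truncated tail; the helper names are assumptions.

```python
"""Strict cookie name/value validation (added example; not MyApp or Exploit-DB code)."""
import re
from urllib.parse import unquote_plus

# RFC 6265 cookie-octet: printable US-ASCII minus CTLs, whitespace, DQUOTE,
# comma, semicolon and backslash. These are exactly the characters needed to
# close a quoted value or splice extra attributes/cookies into a header.
_COOKIE_OCTET = re.compile(r"^[\x21\x23-\x2b\x2d-\x3a\x3c-\x5b\x5d-\x7e]*$")
# HTTP token characters, used for cookie names.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def is_safe_cookie_name(name: str) -> bool:
    return bool(_TOKEN.match(name))


def is_safe_cookie_value(value: str) -> bool:
    """True only if the value can never terminate or extend a cookie."""
    return bool(_COOKIE_OCTET.match(value))


def build_set_cookie(name: str, value: str, path: str = "/") -> str:
    """Emit a Set-Cookie header, refusing user input that carries reserved characters."""
    if not is_safe_cookie_name(name) or not is_safe_cookie_value(value):
        raise ValueError(f"refusing to set cookie {name!r}: reserved characters in input")
    return f"{name}={value}; Path={path}; HttpOnly; Secure"


def parse_cookie_header(header: str) -> dict:
    """Strict Cookie-header parser: rejects any pair that is not token=cookie-value."""
    cookies = {}
    for pair in header.split(";"):
        pair = pair.strip()
        if not pair:
            continue
        name, sep, value = pair.partition("=")
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # RFC 6265 permits one enclosing pair of DQUOTEs
        if not sep or not is_safe_cookie_name(name) or not is_safe_cookie_value(value):
            raise ValueError(f"malformed cookie pair: {pair!r}")
        cookies[name] = value
    return cookies


# Payloads taken from the two examples on this page (the second cut before its truncated tail).
PAGE_COOKIE_HEADERS = ['name="val " ue"', "name1=moi"]
PAGE_COOKIEVALUE_PARAM = ("test%5c%5c%22%3B+Expires%3DThu%2C+1+Jan+2009+00%3A00%3A01+UTC"
                          "%3B+Path%3D%2Fservlets-examples%2Fservlet")


def decoded_page_param() -> str:
    """The cookievalue parameter as a servlet would see it after URL decoding."""
    return unquote_plus(PAGE_COOKIEVALUE_PARAM)
```

The quoted-value request is rejected by `parse_cookie_header`, and the decoded `cookievalue` (which carries `\`, `"` and `;`) is refused by `build_set_cookie`, so the injected `Expires` and `Path` attributes never reach the response.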