| Details | |
|---|---|
| Alert Id | 10029 |
| Alert Type | Passive |
| Status | release |
| Risk | |
| CWE | |
| WASC | |
| Technologies Targeted | All |
| Tags |
OWASP_2017_A01 OWASP_2021_A03 |
Summary
This check looks at user-supplied input in query string parameters and POST data to identify where cookie parameters might be controlled. This is called a cookie poisoning attack, and becomes exploitable when an attacker can manipulate the cookie in various ways. In some cases this will not be exploitable, however, allowing URL parameters to set cookie values is generally considered a bug.