Burp Suite User Forum

Login to post

what is the positive or false positive? Or do you need to solve the problem? Cookie manipulation (DOM-based)

LUCAS | Last updated: Nov 04, 2021 01:00PM UTC

I have a question, would you like to know false positive or positive? Or do you need to fix? HTTP/1.1 200 OK Date: Mon, 13 Sep 2021 14:03:31 GMT Server: Apache Strict-Transport-Security: max-age=31536000; includeSubDomains X-Powered-By: Servlet/3.1 X-OneAgent-JS-Injection: true Cache-Control: no-cache, no-store, must-revalidate Expires: Thu, 01 Jan 1970 00:00:00 GMT Content-Location: /pnegocios2/wps/portal/portaldenegociosnovo/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8zifdx9PA0sLYz8DJzdjAwCHcOCTdx9jQxNfE30wwkpiAJKG-AAjgZA_VGElBTkRhikOyoqAgBzNoDA/dz/d5/L2dBISEvZ0FBIS9nQSEh/ Pragma: no-cache Vary: Cookie,User-Agent,Accept-Encoding Server-Timing: dtRpid;desc="-501149999" Content-Type: text/html; charset=UTF-8 Content-Language: en Set-Cookie: WSP9-PNEGOCIOS=rd5o00000000000000000000ffff0acd3a5co80; expires=Mon, 13-Sep-2021 23:23:31 GMT; path=/pnegocios2/; Httponly Cache-Control: no-store Cache-Control: no-cache Via: 1.1 wwwn.bradescoseguros.com.br (Access Gateway-ag-77B1B8C198108543-117622309) Connection: close Content-Length: 139061 <!DOCTYPE html> <html> <head> <meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'> <meta charset="utf-8"> <meta name="viewport" content="width=device-width" /> <!-- Google Tag Manager --> < ...[SNIP]... Dynamic analysis Data is read from location.href and passed to document.cookie. The following value was injected into the source: ?redirect=i29j89u05n%27%22`'"/i29j89u05n/><i29j89u05n/\>coyxramjnt& The previous value reached the sink as: redirect=i29j89u05n%27%22`'"/i29j89u05n/><i29j89u05n/\>coyxramjnt;expires=Tue, 14 Sep 2021 15:20:14 GMT;path=/ The stack trace at the source was: at Object._0x16d0e7 [as proxiedGetterCallback] (<anonymous>:1:591983) at Object.get href [as href] (<anonymous>:1:299867) at getUrlParam (https://wwwn.bradescoseguros.com.br/pnegocios2/wps/contenthandler/!ut/p/digest!XUbyaP-QyHkijF1b_2hgww/dav/fs-type1/themes/BSPN-PortalNegocios-Tema/assets/js/components.min.js:2093:79) at includeUrlParamInCookies (https://wwwn.bradescoseguros.com.br/pnegocios2/wps/contenthandler/!ut/p/digest!XUbyaP-QyHkijF1b_2hgww/dav/fs-type1/themes/BSPN-PortalNegocios-Tema/assets/js/components.min.js:2115:22) at https://wwwn.bradescoseguros.com.br/pnegocios2/wps/contenthandler/!ut/p/digest!XUbyaP-QyHkijF1b_2hgww/dav/fs-type1/themes/BSPN-PortalNegocios-Tema/assets/js/components.min.js:2120:1 The stack trace at the sink was: at Object.Ghpje (<anonymous>:1:181523) at Object.EUwOT (<anonymous>:1:573898) at Object.HXkfI (<anonymous>:1:585603) at HTMLDocument.Object.<computed>.set (<anonymous>:1:586874) at setCookie (https://wwwn.bradescoseguros.com.br/pnegocios2/wps/contenthandler/!ut/p/digest!XUbyaP-QyHkijF1b_2hgww/dav/fs-type1/themes/BSPN-PortalNegocios-Tema/assets/js/components.min.js:697:21) at includeUrlParamInCookies (https://wwwn.bradescoseguros.com.br/pnegocios2/wps/contenthandler/!ut/p/digest!XUbyaP-QyHkijF1b_2hgww/dav/fs-type1/themes/BSPN-PortalNegocios-Tema/assets/js/components.min.js:2117:9) at https://wwwn.bradescoseguros.com.br/pnegocios2/wps/contenthandler/!ut/p/digest!XUbyaP-QyHkijF1b_2hgww/dav/fs-type1/themes/BSPN-PortalNegocios-Tema/assets/js/components.min.js:2120:1

You need to Log in to post a reply. Or register here, for free.