Burp Suite User Forum


What is the positive or false positive? Or do you need to solve the problem? Cookie manipulation (DOM-based)

LUCAS | Last updated: Nov 04, 2021 01:00PM UTC

I have a question. Is this a false positive or a positive? Or does it need to be fixed?

HTTP/1.1 200 OK
Date: Mon, 13 Sep 2021 14:03:31 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Powered-By: Servlet/3.1
X-OneAgent-JS-Injection: true
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Location: /pnegocios2/wps/portal/portaldenegociosnovo/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8zifdx9PA0sLYz8DJzdjAwCHcOCTdx9jQxNfE30wwkpiAJKG-AAjgZA_VGElBTkRhikOyoqAgBzNoDA/dz/d5/L2dBISEvZ0FBIS9nQSEh/
Pragma: no-cache
Vary: Cookie,User-Agent,Accept-Encoding
Server-Timing: dtRpid;desc="-501149999"
Content-Type: text/html; charset=UTF-8
Content-Language: en
Set-Cookie: WSP9-PNEGOCIOS=rd5o00000000000000000000ffff0acd3a5co80; expires=Mon, 13-Sep-2021 23:23:31 GMT; path=/pnegocios2/; Httponly
Cache-Control: no-store
Cache-Control: no-cache
Via: 1.1 wwwn.bradescoseguros.com.br (Access Gateway-ag-77B1B8C198108543-117622309)
Connection: close
Content-Length: 139061

<!DOCTYPE html>
<html>
<head>
<meta http-equiv='X-UA-Compatible' content='IE=edge,chrome=1'>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width" />
<!-- Google Tag Manager -->
< ...[SNIP]...

Dynamic analysis

Data is read from location.href and passed to document.cookie.

The following value was injected into the source:
?redirect=i29j89u05n%27%22`'"/i29j89u05n/><i29j89u05n/\>coyxramjnt&

The previous value reached the sink as:
redirect=i29j89u05n%27%22`'"/i29j89u05n/><i29j89u05n/\>coyxramjnt;expires=Tue, 14 Sep 2021 15:20:14 GMT;path=/

The stack trace at the source was:
at Object._0x16d0e7 [as proxiedGetterCallback] (<anonymous>:1:591983)
at Object.get href [as href] (<anonymous>:1:299867)
at getUrlParam (https://wwwn.bradescoseguros.com.br/pnegocios2/wps/contenthandler/!ut/p/digest!XUbyaP-QyHkijF1b_2hgww/dav/fs-type1/themes/BSPN-PortalNegocios-Tema/assets/js/components.min.js:2093:79)
at includeUrlParamInCookies (https://wwwn.bradescoseguros.com.br/pnegocios2/wps/contenthandler/!ut/p/digest!XUbyaP-QyHkijF1b_2hgww/dav/fs-type1/themes/BSPN-PortalNegocios-Tema/assets/js/components.min.js:2115:22)
at https://wwwn.bradescoseguros.com.br/pnegocios2/wps/contenthandler/!ut/p/digest!XUbyaP-QyHkijF1b_2hgww/dav/fs-type1/themes/BSPN-PortalNegocios-Tema/assets/js/components.min.js:2120:1

The stack trace at the sink was:
at Object.Ghpje (<anonymous>:1:181523)
at Object.EUwOT (<anonymous>:1:573898)
at Object.HXkfI (<anonymous>:1:585603)
at HTMLDocument.Object.<computed>.set (<anonymous>:1:586874)
at setCookie (https://wwwn.bradescoseguros.com.br/pnegocios2/wps/contenthandler/!ut/p/digest!XUbyaP-QyHkijF1b_2hgww/dav/fs-type1/themes/BSPN-PortalNegocios-Tema/assets/js/components.min.js:697:21)
at includeUrlParamInCookies (https://wwwn.bradescoseguros.com.br/pnegocios2/wps/contenthandler/!ut/p/digest!XUbyaP-QyHkijF1b_2hgww/dav/fs-type1/themes/BSPN-PortalNegocios-Tema/assets/js/components.min.js:2117:9)
at https://wwwn.bradescoseguros.com.br/pnegocios2/wps/contenthandler/!ut/p/digest!XUbyaP-QyHkijF1b_2hgww/dav/fs-type1/themes/BSPN-PortalNegocios-Tema/assets/js/components.min.js:2120:1
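The source-to-sink flow the scanner trace describes (a `redirect` query parameter copied from `location.href` into `document.cookie`), reconstructed as an added example that is not part of the original post and not the portal's own code: the function names follow the stack trace, but their bodies, the `makeCookieSink` stand-in for `document.cookie`, and the hardened variant are assumptions. The `isValidCookieValue` check is a triage aid: the value that reached the sink in the finding fails it, which is what shows the parameter is written raw.

```javascript
// Added reconstruction of the source-to-sink flow Burp reported. Function names
// follow the stack trace; their bodies are assumed, not taken from components.min.js.

// Stand-in for document.cookie so this runs outside a browser: records every
// string the sink receives, exactly as the real setter would.
function makeCookieSink() {
  const writes = [];
  return { set: (value) => { writes.push(value); }, writes };
}

// Source: a query parameter read from a URL string (location.href in the page).
// As in the traced code, the value is returned without decoding or validation.
function getUrlParam(href, name) {
  const query = href.split('?')[1] || '';
  for (const pair of query.split('&')) {
    const [key, ...rest] = pair.split('=');
    if (key === name) return rest.join('=');
  }
  return null;
}

// RFC 6265 cookie-octet check: quotes, backslash, ';', ',', whitespace and control
// characters are outside the set, so a failing sink value means it was written raw.
function isValidCookieValue(value) {
  return /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/.test(value);
}

const ATTRS = ';expires=Tue, 14 Sep 2021 15:20:14 GMT;path=/';
// Vulnerable form: the parameter is concatenated unchanged, so a ';' in it
// starts a new cookie attribute. This is the behaviour the trace shows.
function includeUrlParamInCookiesVulnerable(href, sink) {
  const redirect = getUrlParam(href, 'redirect');
  if (redirect === null) return null;
  const cookie = 'redirect=' + redirect + ATTRS;
  sink.set(cookie);
  return cookie;
}

// Hardened form: percent-encode so delimiters cannot survive, cap the length,
// and fail closed (no write) if the result is still not a valid cookie value.
function includeUrlParamInCookiesHardened(href, sink) {
  const redirect = getUrlParam(href, 'redirect');
  if (redirect === null || redirect.length > 2048) return null;
  const safe = encodeURIComponent(redirect);
  if (!isValidCookieValue(safe)) return null;
  const cookie = 'redirect=' + safe + ATTRS;
  sink.set(cookie);
  return cookie;
}
```

Running the finding's injected value through both forms shows the difference: the vulnerable form passes it to the sink byte-for-byte, the hardened form stores only percent-encoded cookie-octets.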
