kentwood - session cookie without secure flag - (XSS)

CVE: N/A
Category: CWE-79
Price: $5000
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2020-12-10
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020120069

Below is a copy:

kentwood - session cookie without secure flag - (XSS)
#Exploit title: kentwood - cross site scripting (XSS) - session cookie without secure flag
#Vendor Homepage: https://kentwood.us
#Date: 2020-07-12
#Tested on: windows 10
#Risk: medium
#version: 0.1
#category: webapps

################################
cross site scripting:
#Discussion:
Cross-site scripting (XSS) is a class of vulnerabilities affecting web applications that can result in security controls implemented in browsers being circumvented. When a browser visits a page on a website, script code originating in the website's domain can access and manipulate the DOM (document object model), the browser's representation of the page and its properties. Script code from another website cannot. This is known as the "same-origin policy", a critical control in the browser security model. Cross-site scripting vulnerabilities occur when a lack of input validation or output encoding permits users to inject script code into the target website such that it runs in the browser of another user who is visiting the same website. This circumvents the same-origin policy because the browser has no way to distinguish authentic script code from injected script code apart from its origin, and both arrive from the same origin.

#Impact
The precise impact depends greatly on the application.
XSS is generally a threat to web applications that have authenticated users or are otherwise security sensitive.
Malicious code may be able to manipulate the content of the site, changing its appearance and/or function for another user.
This includes modifying the behavior of the web application (such as redirecting forms).
The code may also be able to perform actions within the application without the user's knowledge.
Script code can also obtain and retransmit cookie values if the cookies have not been set with the HttpOnly flag.

#Remediation
The developer must identify where untrustworthy data is being output to the client without adequate filtering or encoding for its output context.
There are various language/platform-specific techniques for encoding untrustworthy data before it is written into a page.

#Request: GET /search.php?q=1'%20-->">'>'" 


#####################################

session cookie without secure flag

#Resource Content: PHPSESSID=7f87od2b17eia94uki4pcfcf53; path=/
#Discussion: I detected that a known session cookie may have been set without the secure flag. 
#Impact:
1. Cookies can be exposed to network eavesdroppers.
2. Session cookies are authentication credentials; attackers who obtain them can get unauthorized access to affected web applications.
#Remediation: When creating the cookie in the code, set the secure flag to true.
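Added example covering both remediation notes above (the XSS output-encoding fix and the Secure flag on the session cookie); this is not code from the advisory or from kentwood.us. The file name search.php, the parameter q and the PHPSESSID cookie come from the request and resource lines above; the helper h() and the page layout are assumptions.

```php
<?php
// Added example, not the vendor's code. Hardened version of a search.php
// that reflects the "q" parameter, plus a session cookie carrying the
// Secure, HttpOnly and SameSite attributes.

// Cookie attributes must be configured before session_start() emits the
// Set-Cookie header for PHPSESSID. 'secure' => true addresses the second
// finding (cookie sent only over HTTPS); 'httponly' => true keeps the
// cookie out of reach of script, which the advisory's impact note relies on.
// Array form of session_set_cookie_params() requires PHP 7.3 or later.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'domain'   => '',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

// Encode untrusted data for an HTML context. ENT_QUOTES converts both
// ' and " so the probe from the advisory (1' --> ">'>'") renders as text.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$q = $_GET['q'] ?? '';

// Vulnerable pattern the advisory describes, kept only as a comment:
//   echo "<input name='q' value='" . $q . "'>";   // reflected unencoded

header('Content-Type: text/html; charset=UTF-8');
?>
<!DOCTYPE html>
<html>
<body>
<form method="get" action="search.php">
  <input name="q" value="<?= h($q) ?>">
</form>
<p>Results for <?= h($q) ?></p>
</body>
</html>
```

After deploying, confirm the response's Set-Cookie header for PHPSESSID shows the Secure and HttpOnly attributes and that the reflected value of q appears with the quotes encoded.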

#######################

#Discovered by: NC01

Copyright ©2024 Exploitalert.