nuclei-templates icon indicating copy to clipboard operation
nuclei-templates copied to clipboard

Published 20 hours ago verified publisher icon projectdiscovery

Cookies Missing "HttpOnly" and "secure" Attributes

Open faizu6 opened this issue 1 year ago • 2 comments

Template for?

Template to check whether the cookies of the UI dashboard are having "HttpOnly" and "secure" Attributes. CVE-Score 5.4

Details:

I need to check whether the cookies of my UI dashboard are have "HttpOnly" and "secure" Attributes. I am logging into the dashboard using my user_id and password and when i check in the developers option i find that the cookies have "HttpOnly" and "secure" Attributes missing. I want to keep a track of the same using Nuclei. Displaying it as a medium vulnerability Screenshot from 2023-05-23 12-37-05(1)

faizu6 avatar May 23 '23 07:05 faizu6

Hi @faizu6. Are you asking for a template that will accomplish this or have you written one?

MetzinAround avatar May 23 '23 14:05 MetzinAround

Hi @faizu6. Are you asking for a template that will accomplish this or have you written one?

Hello @MetzinAround I am asking for one, the template which will notify that cookies have missing attributes 'HttpOnly' and 'Secure'

faizu6 avatar May 23 '23 14:05 faizu6