Monday, 1 July 2019

Problem with CultureInfo header default value override

I am testing a website, and in the cookie there the CultureInfo header is replaced with a JavaScript payload. Does anybody have some information on why the CultureInfo=value is replaced with "/onload=confirm()//; and is seen permanently in the cookie?

GET /Search HTTP/1.1
Host: website.com
User-Agent: value
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Referer: https://website.com
Cookie: _ga=GA1.2.757670279.1561612750; __atuvc=10; ASP.NET_SessionId=value; __ CultureInfo=<svg/x=">"/onload=confirm()//; _gid=GA;
Upgrade-Insecure-Requests: 1
