This was originally picked up by a pen test report: although it's not exploitable, any SQL injection code that is added to the content of a comment is stored in a cookie and sent in the browser headers.
I don't think you could pivot from this to something exploitable but it's probably not a great idea to send this via cookie back to the client.
I don't see much in terms of benefit in using a cookie over the session, but I do have a fix -
If someone thinks it will be beneficial, I can create a PR -
caffeineinc@747d4f4