[Bug]: POST出现服务器端请求伪造漏洞,位置:COOKIE

[PhuketIsland]

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

1.13.0

Installation Type

Official Kubernetes

Service Name

DongTai-agent-java

Describe the details of the bug and the steps to reproduce it

洞态一直报这个地方有服务端请求伪造漏洞，但是token值不能修改，修改就报错显示token无效，所以这是不是一个误报？

Additional Information

No response

Logs

No response

[lostsnow]

Could you provide the complete method pool information? It can be found from the field "method_pool" in the table "iast_agent_method_pool" of the database. Please remember to obfuscate any sensitive information.

[PhuketIsland]

test.txt

[Bidaya0]

test.txt

This method pool did not find a vulnerability in our detection, please check if the correct method pool is provided.
If possible, please also provide the full_stack in the vulnerability information.

[PhuketIsland]

test.txt
之前那个文本里面我只取了一条数据，这个是所有的数据。full_stack漏洞信息在哪找？

[lostsnow]

test.txt 之前那个文本里面我只取了一条数据，这个是所有的数据。full_stack漏洞信息在哪找？

Field full_stack is in the table iast_vulnerability, primary key id can be found in the vulnerability detail url, for example: https://<hostname>/vuln/vulnDetail/1/12473?..., id is 12473

[PhuketIsland]

test.txt之前那个文本里面我只取了一条数据，这是所有的数据。full_stack漏洞信息在哪里找？

full_stack表中字段为iast_vulnerability，主键id可在漏洞详情 url 中找到，例如：https://<hostname>/vuln/vulnDetail/1/12473?..., idis12473

能找到full_stack,但是不知道该漏洞的id从哪找，上面那个test.txt文件里面还是不能发现漏洞吗？