Cookie without Secure flag in thorsten/phpmyfaq
Sep 8th 2023
Access and log in to the website.
Press F12 on your keyboard or right-click on the website to open the developer tools.
In the Application tab, choose Cookies; some sensitive cookies are set without the Secure flag.
Proof of Concept
-You can see I use HTTPS, but Secure is still false/unchecked-
If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope.
An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site.
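The DevTools check in the steps above can be repeated over captured response headers. The following is an added example, not part of the original report or of phpMyFAQ's code; the function names are hypothetical, and the cookie names and values are constructed sample data. It parses each `Set-Cookie` line into its attributes, because a plain substring search for "secure" would wrongly pass a cookie whose name contains that word.

```python
# Added example: list cookies that a response sets without the Secure attribute.
# SAMPLE_HEADERS is constructed sample data, not output captured from phpMyFAQ.

SAMPLE_HEADERS = [
    "Set-Cookie: EXAMPLE_SESSION=abc123; path=/; HttpOnly",
    "Set-Cookie: example_remember=deadbeef; Max-Age=3600; Path=/; Secure; HttpOnly",
    "Set-Cookie: example_lang=en; Path=/; secure",
    "Set-Cookie: securetoken=1; Path=/; Domain=example.test",
    "Content-Type: text/html",
]


def parse_set_cookie(line):
    """Return (cookie_name, attributes) for a Set-Cookie line, else None."""
    field, _, value = line.partition(":")
    if field.strip().lower() != "set-cookie":
        return None
    # Attributes are separated by ';'. Commas are not separators here,
    # since an Expires date contains one.
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        # Attribute names are case-insensitive ("secure" == "Secure").
        attrs[key.strip().lower()] = val.strip()
    return name, attrs


def cookies_missing_secure(header_lines):
    """Names of cookies set without the Secure attribute, in header order."""
    missing = []
    for line in header_lines:
        parsed = parse_set_cookie(line)
        if parsed is None:
            continue  # not a Set-Cookie header
        name, attrs = parsed
        if "secure" not in attrs:
            missing.append(name)
    return missing


if __name__ == "__main__":
    for cookie in cookies_missing_secure(SAMPLE_HEADERS):
        print(f"cookie set without Secure: {cookie}")
```
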