With this vulnerability, the application fails to perform proper input validation, which makes it overwrite hardcoded values. Whitelisting expected parameters and their values should be included in the application logic, and the input from the user should be sanitized against it. WAFs that can track multiple occurrences of the variable and that have been tuned to understand the flaw should be used to handle filtering.
HTTP parameter pollution
by Juned Ahmed Ansari, Gilberto Najera-Gutierrez
Web Penetration Testing with Kali Linux - Third Edition
- Title Page
- Copyright and Credits
- Dedication
- Packt Upsell
- Contributors
- Preface
- Introduction to Penetration Testing and Web Applications
- Setting Up Your Lab with Kali Linux
- Reconnaissance and Profiling the Web Server
- Reconnaissance
- Information gathering
- Scanning – probing the target
- Summary
- Authentication and Session Management Flaws
- Authentication schemes in web applications
- Session management mechanisms
- Common authentication flaws in web applications
- Detecting and exploiting improper session management
- Preventing authentication and session attacks
- Summary
- Detecting and Exploiting Injection-Based Flaws
- Finding and Exploiting Cross-Site Scripting (XSS) Vulnerabilities
- Cross-Site Request Forgery, Identification, and Exploitation
- Attacking Flaws in Cryptographic Implementations
- AJAX, HTML5, and Client-Side Attacks
- Other Common Security Flaws in Web Applications
- Using Automated Scanners on Web Applications
- Other Books You May Enjoy
HTTP parameter pollution
-
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.