HTTP Parameter poisoning
mzfr edited this page May 23, 2021 · 2 revisions
Different technologies accept repeated parameters in different ways. This is because there is no RFC or other standard that defines how they should be handled.
- We usually see this in a lot of password reset functionality: if we send a request with multiple `email` parameters, only the first one is considered, e.g. `email=victim.com&email=attacker.com`
- If the `&` or any other character in the URL is not encoded, there is a high possibility that a newly added value will be accepted.
- PHP usually considers the last occurrence.
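
The divergence described above, as an added example that is not part of the original wiki page: a Python sketch that emulates a first-occurrence and a last-occurrence backend on the page's `email` sample, rejects requests that repeat a single-valued parameter, and re-encodes values before forwarding. The function names and the `single_valued` list are assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl, urlencode

def resolve(raw_query, policy):
    """Emulate a backend that keeps the 'first' or the 'last' occurrence."""
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    chosen = {}
    for name, value in parse_qsl(raw_query, keep_blank_values=True):
        if policy == "last" or name not in chosen:
            chosen[name] = value
    return chosen

def duplicated_params(raw_query):
    """Names that occur more than once in the raw query string."""
    counts = Counter(n for n, _ in parse_qsl(raw_query, keep_blank_values=True))
    return sorted(n for n, c in counts.items() if c > 1)

def strict_parse(raw_query, single_valued=("email",)):
    """Refuse the request when a single-valued parameter repeats."""
    repeated = [n for n in duplicated_params(raw_query) if n in single_valued]
    if repeated:
        raise ValueError(f"repeated parameter(s): {', '.join(repeated)}")
    return dict(parse_qsl(raw_query, keep_blank_values=True))

def forward_query(params):
    """Re-encode values before forwarding so '&' or '=' inside a value
    cannot become an extra parameter for the next component."""
    return urlencode(params)

# Sample input: the query string used as the example on this page.
SAMPLE = "email=victim.com&email=attacker.com"

if __name__ == "__main__":
    print("first-wins:", resolve(SAMPLE, "first"))
    print("last-wins: ", resolve(SAMPLE, "last"))
    print("repeated:  ", duplicated_params(SAMPLE))
    try:
        strict_parse(SAMPLE)
    except ValueError as exc:
        print("rejected:  ", exc)
    # Constructed value containing an unencoded '&' and '='.
    print("forwarded: ", forward_query({"email": "a.com&email=b.com"}))
```

Two components that apply different policies to the same request disagree on which address is "the" email; rejecting the repeat at the edge removes that ambiguity.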