Uncommon query string parameter

Some applications allow multiple HTTP parameters with the same name to be supplied. Supplying parameters this way can cause the application to interpret the values in an unanticipated way. By exploiting this bug, an attacker can easily bypass any input validation. The attacker can also modify internal variables of the application to trigger internal application errors. These conditions can cause catastrophic effects on the server. If query strings are not passed securely in the URL, the attacker can obtain sensitive information about the user and the application. This sensitive information includes usernames, passwords, tokens (authX), database details, and other potentially sensitive data.

Example

The following link is an example of a query string.

http://example.beaglesecurity.com/over/there?name=data

Impact

This vulnerability has the following impact:

  • The attacker can leak sensitive information about the server and the end users.

Mitigation / Precaution

Beagle recommends the following fixes:

  • Implement proper input validation for fields such as forms, headers and many more.
  • Try to accept parameters only where they are supposed to be supplied.
  • Ensure that the application encodes user-supplied input whenever possible when passing it in GET/POST HTTP requests to the HTTP back end.
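
One way to apply the first two recommendations, shown as an added example that is not part of the original page: a strict query-string check that accepts only expected parameters, validates each value, and refuses any name supplied more than once. `ALLOWED_PARAMS`, `strict_query` and `QueryRejected` are hypothetical names, and the validation rule for `name` is an assumption.

```python
from urllib.parse import urlsplit, parse_qsl

# Hypothetical allowlist for one endpoint: parameter name -> validator.
# The rule for "name" (alphanumeric, at most 32 characters) is an assumption.
ALLOWED_PARAMS = {
    "name": lambda v: v.isalnum() and len(v) <= 32,
}


class QueryRejected(ValueError):
    """Raised when a query string is ambiguous or carries unexpected input."""


def strict_query(url, allowed=ALLOWED_PARAMS):
    """Return {name: value} only if every parameter is expected, appears
    exactly once, and passes its validator; otherwise raise QueryRejected."""
    raw = urlsplit(url).query
    try:
        # parse_qsl percent-decodes names, so "%6eame" is compared as "name".
        pairs = parse_qsl(raw, keep_blank_values=True,
                          strict_parsing=True) if raw else []
    except ValueError as exc:
        raise QueryRejected(f"malformed query string: {exc}") from exc

    result = {}
    for key, value in pairs:
        if key not in allowed:
            raise QueryRejected(f"unexpected parameter: {key!r}")
        if key in result:
            # With duplicates, different components may pick the first value,
            # the last value, or a joined list. Refuse instead of guessing.
            raise QueryRejected(f"duplicate parameter: {key!r}")
        if not allowed[key](value):
            raise QueryRejected(f"invalid value for {key!r}")
        result[key] = value
    return result


if __name__ == "__main__":
    base = "http://example.beaglesecurity.com/over/there"
    # Constructed sample requests.
    for qs in ("?name=data", "?name=data&name=other", "?name=data&debug=1"):
        try:
            print(qs, "->", strict_query(base + qs))
        except QueryRejected as err:
            print(qs, "-> rejected:", err)
```

Rejecting the request outright, rather than picking the first or last value, keeps the validating layer and the layer that consumes the parameter from disagreeing about which value was supplied.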
