Some applications accept multiple HTTP parameters with the same name. Supplying HTTP parameters this way might cause the application to interpret the values in an unanticipated way. By exploiting this bug, an attacker can easily bypass any input validation. The attacker can also modify internal variables of the application to trigger internal application errors. These conditions can cause catastrophic effects on the server. If query strings are not passed in a secure way in the URL, the attacker can get sensitive information about the user and the application. This sensitive information includes usernames, passwords, tokens (authX), database details, and other potentially sensitive data.
The following link is an example of a query string.
http://example.beaglesecurity.com/over/there?name=data
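The check below is an added example, not code from Beagle: it shows how a repeated parameter yields different values depending on whether a component keeps the first or the last occurrence, and a strict parser that rejects such requests before validation runs. The function names and the two URLs that repeat `name` are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed sample inputs: the page's URL, plus variants that repeat "name".
CLEAN = "http://example.beaglesecurity.com/over/there?name=data"
POLLUTED = "http://example.beaglesecurity.com/over/there?name=data&name=other"
ENCODED = "http://example.beaglesecurity.com/over/there?name=data&n%61me=other"


class DuplicateParameterError(ValueError):
    """Raised when a query string repeats a parameter name."""


def _pairs(url):
    # parse_qsl percent-decodes names, so "n%61me" and "name" compare equal.
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)


def interpretations(url):
    """Return the parameter maps a first-wins and a last-wins parser would build."""
    first, last = {}, {}
    for name, value in _pairs(url):
        first.setdefault(name, value)  # keep the first occurrence
        last[name] = value             # keep the last occurrence
    return first, last


def ambiguous_parameters(url):
    """Names whose value depends on which occurrence a component keeps."""
    first, last = interpretations(url)
    return sorted(name for name in first if first[name] != last[name])


def strict_query(url):
    """Parse the query string, rejecting any repeated parameter name."""
    params = {}
    for name, value in _pairs(url):
        if name in params:
            raise DuplicateParameterError(f"parameter {name!r} supplied more than once")
        params[name] = value
    return params


if __name__ == "__main__":
    for url in (CLEAN, POLLUTED, ENCODED):
        try:
            print("accepted:", strict_query(url))
        except DuplicateParameterError as exc:
            print("rejected:", exc, "| ambiguous:", ambiguous_parameters(url))
```

Validating the value returned by `strict_query` means every later component sees the same single value that was checked.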
The following are the impacts of this vulnerability:-
Beagle recommends the following fixes:-