Summary

  • In the “Lab on exploiting server-side parameter pollution in a query string” writeup, the author details how they exploited a server-side parameter pollution vulnerability in a query string.
  • The attack began with the author using Burp Suite to capture the Forgot Password requests and then sending the POST /forgot-password request to Repeater in order to modify the parameters.
  • The author then sent the requests to Intruder, added the payload position “y”, and captured the requests from server-side variable name payload lists.
  • The author used the payload lists to exploit the vulnerability and successfully gained access to the server-side parameters.
  • These server-side parameter pollution attacks are possible when application developers don’t consistently validate incoming parameters.
  • As a result, attackers can manipulate the parameters and gain access to unauthorized resources, possibly gaining complete control over the backend servers, so it is crucial to validate all parameters on the server side.
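
The validation point in the last two bullets, as an added example that is not code from the writeup or the lab: a front-end handler that builds an internal API query string from a user-supplied username, first by concatenation and then with encoding plus an allow-list. The internal endpoint, the parameter names `name` and `field`, and the sample input are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlencode, urlsplit, parse_qs

# Hypothetical internal endpoint and parameter names (not from the writeup).
INTERNAL_API = "http://internal.example/users/lookup"

# Allow-list for usernames: anything outside this set is rejected outright.
USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


def build_url_vulnerable(username: str) -> str:
    """Pastes raw user input into the server-side query string."""
    return f"{INTERNAL_API}?name={username}&field=email"


def build_url_encoded(username: str) -> str:
    """Percent-encodes the value so '&', '=' and '#' stay inside 'name'."""
    return f"{INTERNAL_API}?{urlencode({'name': username, 'field': 'email'})}"


def build_url_hardened(username: str) -> str:
    """Validates against the allow-list first, then encodes."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username contains characters outside the allow-list")
    return build_url_encoded(username)


def internal_params(url: str) -> dict:
    """Parses the query string the way the internal API would receive it."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


if __name__ == "__main__":
    sample = "alice&field=injected"  # constructed input carrying an extra parameter
    # Concatenation: the internal API now sees two values for 'field'.
    print(internal_params(build_url_vulnerable(sample)))
    # Encoding: the whole string is treated as the username, 'field' is untouched.
    print(internal_params(build_url_encoded(sample)))
    try:
        build_url_hardened(sample)
    except ValueError as exc:
        print("rejected:", exc)
```

A duplicated or unexpected parameter name in the parsed internal request, as in the first printed result, is also a useful signal to log and alert on.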

By Mukilan Baskaran
