Mirrors/PayloadsAllTheThings
2
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-12 22:33:00 +00:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #314 from ahboon/HTTP-Parameter-Pollution

Browse source 
Added Golang param information
This commit is contained in:
Swissky 2020-12-22 20:02:56 +01:00 committed by GitHub
commit 609c38bde5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 14 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
HTTP Parameter Pollution/README.md
View file

@ -24,17 +24,20 @@ Attacker -- http://example.com?search=Beth&search=' OR 1=1;## --> WAF (reads fir
### Table of refence for which technology reads which parameter
When ?par1=a&par1=b
| Technology | Parsing Result|outcome (par1=)|
| ------------------|---------------|:-------------:|
| ASP.NET/IIS |All occurrences |a,b |
| ASP/IIS |All occurrences |a,b |
| PHP/Apache |Last occurrence |b |
| PHP/Zues |Last occurrence |b |
| JSP,Servlet/Tomcat|First occurrence|a |
| Perl CGI/Apache |First occurrence|a |
| Python Flask |First occurrence|a |
| Python Django |Last occurrence |b |
| Nodejs |All occurrences |a,b |
| Technology | Parsing Result |outcome (par1=)|
| ------------------ |--------------- |:-------------:|
| ASP.NET/IIS |All occurrences |a,b |
| ASP/IIS |All occurrences |a,b |
| PHP/Apache |Last occurrence |b |
| PHP/Zues |Last occurrence |b |
| JSP,Servlet/Tomcat |First occurrence |a |
| Perl CGI/Apache |First occurrence |a |
| Python Flask |First occurrence |a |
| Python Django |Last occurrence |b |
| Nodejs |All occurrences |a,b |
| Golang net/http - `r.URL.Query().Get("param")` |First occurrence |a |
| Golang net/http - `r.URL.Query()["param"]` |All occurrences |a,b |
## References
- [HTTP Parameter Pollution - Imperva](https://www.imperva.com/learn/application-security/http-parameter-pollution/)