Merge pull request #406 from pang9979/master

Update Table
This commit is contained in:
Swissky 2021-07-31 11:25:45 +02:00 committed by GitHub
commit 38a209b14d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -24,20 +24,24 @@ Attacker -- http://example.com?search=Beth&search=' OR 1=1;## --> WAF (reads fir
### Table of refence for which technology reads which parameter ### Table of refence for which technology reads which parameter
When ?par1=a&par1=b When ?par1=a&par1=b
| Technology | Parsing Result |outcome (par1=)| | Technology | Parsing Result |outcome (par1=)|
| ------------------ |--------------- |:-------------:| | ------------------ |--------------- |:-------------:|
| ASP.NET/IIS |All occurrences |a,b | | ASP.NET/IIS |All occurrences |a,b |
| ASP/IIS |All occurrences |a,b | | ASP/IIS |All occurrences |a,b |
| PHP/Apache |Last occurrence |b | | PHP/Apache |Last occurrence |b |
| PHP/Zues |Last occurrence |b | | PHP/Zues |Last occurrence |b |
| JSP,Servlet/Tomcat |First occurrence |a | | JSP,Servlet/Tomcat |First occurrence |a |
| Perl CGI/Apache |First occurrence |a | | Perl CGI/Apache |First occurrence |a |
| Python Flask |First occurrence |a | | Python Flask |First occurrence |a |
| Python Django |Last occurrence |b | | Python Django |Last occurrence |b |
| Nodejs |All occurrences |a,b | | Nodejs |All occurrences |a,b |
| Golang net/http - `r.URL.Query().Get("param")` |First occurrence |a | | Golang net/http - `r.URL.Query().Get("param")` |First occurrence |a |
| Golang net/http - `r.URL.Query()["param"]` |All occurrences |a,b | | Golang net/http - `r.URL.Query()["param"]` |All occurrences |a,b |
| IBM Lotus Domino |First occurrence |a |
| IBM HTTP Server |First occurrence |a |
| Perl CGI/Apache |First occurrence |a |
| mod_wsgi (Python)/Apache |First occurrence |a |
| Python/Zope |All occurences in array |['a','b'] |
## References ## References
- [HTTP Parameter Pollution - Imperva](https://www.imperva.com/learn/application-security/http-parameter-pollution/) - [HTTP Parameter Pollution - Imperva](https://www.imperva.com/learn/application-security/http-parameter-pollution/)