From a6727e8305c3177316c6b44207a8890b54f4ec07 Mon Sep 17 00:00:00 2001 From: Cher Boon Date: Wed, 23 Dec 2020 01:28:32 +0800 Subject: [PATCH] Added Golang information --- HTTP Parameter Pollution/README.md | 25 ++++++++++++++----------- 1 file changed, 14 insertions(+), 11 deletions(-) diff --git a/HTTP Parameter Pollution/README.md b/HTTP Parameter Pollution/README.md index 6db67de..1703a06 100644 --- a/HTTP Parameter Pollution/README.md +++ b/HTTP Parameter Pollution/README.md @@ -24,17 +24,20 @@ Attacker -- http://example.com?search=Beth&search=' OR 1=1;## --> WAF (reads fir ### Table of refence for which technology reads which parameter When ?par1=a&par1=b -| Technology | Parsing Result|outcome (par1=)| -| ------------------|---------------|:-------------:| -| ASP.NET/IIS |All occurrences |a,b | -| ASP/IIS |All occurrences |a,b | -| PHP/Apache |Last occurrence |b | -| PHP/Zues |Last occurrence |b | -| JSP,Servlet/Tomcat|First occurrence|a | -| Perl CGI/Apache |First occurrence|a | -| Python Flask |First occurrence|a | -| Python Django |Last occurrence |b | -| Nodejs |All occurrences |a,b | +| Technology | Parsing Result |outcome (par1=)| +| ------------------ |--------------- |:-------------:| +| ASP.NET/IIS |All occurrences |a,b | +| ASP/IIS |All occurrences |a,b | +| PHP/Apache |Last occurrence |b | +| PHP/Zues |Last occurrence |b | +| JSP,Servlet/Tomcat |First occurrence |a | +| Perl CGI/Apache |First occurrence |a | +| Python Flask |First occurrence |a | +| Python Django |Last occurrence |b | +| Nodejs |All occurrences |a,b | +| Golang-`r.URL.Query().Get("param")` |First occurrence |a | +| Golang-`r.URL.Query()["param"]` |All occurrences |a,b | + ## References - [HTTP Parameter Pollution - Imperva](https://www.imperva.com/learn/application-security/http-parameter-pollution/)