Difference between revisions of "Testing for WS HTTP GET parameters/REST attacks (OWASP-WS-005)"
Line 1: | Line 1: | ||
'''HTTP GET parameters.''' | '''HTTP GET parameters.''' | ||
+ | |||
+ | |||
Many XML applications are invoked by passing them parameters using HTTP GET queries | Many XML applications are invoked by passing them parameters using HTTP GET queries | ||
Example: | Example: | ||
− | The HTTP request with query string /viewDetail=detail-10293, the HTTP GET parameter is detail-10293). | + | The HTTP request with query string /viewDetail=detail-10293, the HTTP GET parameter is detail- 10293). |
− | These are sometimes known as “REST-style" Web Services. These Web Services can be attacked by passing malicious content on the HTTP GET string (e.g. Extra long parameters (2048 chars), SQL statements/injection or OS Injection parameters). | + | These are sometimes known as “REST-style" Web Services. These Web Services can be attacked by passing malicious content on the HTTP GET string (e.g. Extra long parameters (2048 chars), SQL statements/injection or OS Injection parameters). |
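Review bot: the revised example line now reads "detail- 10293" with a stray space, so the stated parameter value no longer matches the query string /viewDetail=detail-10293 quoted earlier in the same sentence; restore "detail-10293". While touching that line, drop the unmatched ")" at its end, and in the following line make the quotation marks around REST-style consistent (it opens with a curly quote and closes with a straight one). The last changed line shows no visible text difference, so if it is a whitespace-only edit it is worth saying so in the edit summary.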
Revision as of 10:30, 26 October 2006
HTTP GET parameters.
Many XML applications are invoked by passing them parameters using HTTP GET queries.
Example:
In the HTTP request with query string /viewDetail=detail-10293, the HTTP GET parameter is detail-10293.
These are sometimes known as "REST-style" Web Services. These Web Services can be attacked by passing malicious content on the HTTP GET string (e.g. extra-long parameters (2048 chars), SQL statements/injection, or OS injection parameters).
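The server-side checks that this test exercises, shown as an added example (not code from the original OWASP page): the handler caps the parameter length, allow-lists its format, and binds the value as a SQL parameter. The `/service?viewDetail=` URL form, the `detail-<digits>` format, the 64-character cap and the `details` table are assumptions made for illustration, and the sample requests are constructed.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

MAX_LEN = 64                                   # assumed cap, far below a 2048-char probe
DETAIL_ID = re.compile(r"detail-([0-9]{1,10})")  # assumed format, modelled on detail-10293

def extract_detail_id(target):
    """Return the numeric id from ?viewDetail=detail-N, or raise ValueError."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    values = query.get("viewDetail", [])
    if len(values) != 1:                       # missing or duplicated parameter
        raise ValueError("viewDetail must appear exactly once")
    value = values[0]                          # already percent-decoded by parse_qs
    if len(value) > MAX_LEN:
        raise ValueError("parameter too long")
    match = DETAIL_ID.fullmatch(value)         # fullmatch: no trailing payload allowed
    if match is None:
        raise ValueError("parameter does not match detail-<digits>")
    return int(match.group(1))

def make_db():
    """In-memory stand-in for the service's data store (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE details (id INTEGER PRIMARY KEY, body TEXT)")
    db.execute("INSERT INTO details VALUES (10293, 'sample record')")
    return db

def view_detail(db, target):
    """Validate first, then bind the id as a query parameter, never format it in."""
    try:
        detail_id = extract_detail_id(target)
    except ValueError as exc:
        return 400, str(exc)
    row = db.execute("SELECT body FROM details WHERE id = ?", (detail_id,)).fetchone()
    return (200, row[0]) if row else (404, "not found")

# Constructed requests: one valid, then the three classes the text names.
SAMPLES = [
    "/service?viewDetail=detail-10293",
    "/service?viewDetail=" + "A" * 2048,
    "/service?viewDetail=detail-10293'%20OR%20'1'='1",
    "/service?viewDetail=detail-10293%3Bid",
]

if __name__ == "__main__":
    db = make_db()
    for sample in SAMPLES:
        print(view_detail(db, sample)[0], sample[:60])
```

A tester sending the last three requests should see a uniform 400 with no database or shell error text in the response; anything else indicates the parameter reaches a backend unvalidated.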