BOLA by HTTP Parameter Pollution
Attacker can access resources of any user by introducing multiple parameters with same name.
Broken Object Level Authorization (BOLA)
How this template works
The template uses API selection filters to specify the criteria for selecting the desired API requests. In this case, it filters requests based on the response code being between 200 and 300, and the presence of a private variable context with a value greater than 0.
The template executes a single request using the private variable extracted from the private variable context. It adds the private variable as a query parameter in the request.
The template validates the response received from the executed request. It checks that the response code is between 200 and 300, and the percentage match of the response payload is less than 80%. Additionally, it ensures that the response payload has a length greater than 0.
Frequently asked questions
What is the impact of the PARAMETER_POLLUTION vulnerability in this test
How does the test identify the PARAMETER_POLLUTION vulnerability
What is the severity level of the PARAMETER_POLLUTION vulnerability
What are the potential consequences of unauthorized access through PARAMETER_POLLUTION
Are there any specific OWASP or HackerOne references related to PARAMETER_POLLUTION
How does the test validate the presence of PARAMETER_POLLUTION vulnerability