Invalid File Input Leaking Sensitive Details Via Verbose Error Message
The error response contains information that may help an attacker mount more sophisticated attacks
Verbose Error Messages (VEM)
How this template works
APIs Selection
The template uses API selection filters to decide which of the recorded API requests are eligible for this test. Here the filters require that the original response code was in the 200 to 299 range and that either a request payload parameter or a query parameter contains the word "file". Only requests that meet both conditions are executed.
Execute request
The template executes a single request per selected API. It replaces the value of the matched body parameter and the matched query parameter with the string "testInvalidFile", a name that no real file on the server should match, so the application is forced down its error-handling path.
Validation
The template defines the validation criteria applied to the response of the executed request. Both parts must hold for the test to flag a finding: the response code must be greater than or equal to 400, and the response payload must either contain one of the words "SQL", "MYSQL" or "access denied", or be longer than 1000 characters. The length check is a heuristic for a dumped stack trace or debug page rather than proof of a leak, so a large but harmless error body can also match; review flagged responses manually before reporting them.
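The three steps above assembled into one Akto-style YAML test template. This is an illustrative reconstruction written for this page, not Akto's published template file: the key names follow Akto's test-editor syntax, the `userKey` extraction variable, the `.*file.*` regex matching on the parameter name, and the severity value are assumptions, and the info fields are trimmed to what the page states.

```yaml
# Illustrative reconstruction of the template described above (not Akto's own file).
id: INVALID_FILE_INPUT
info:
  name: "Invalid File Input Leaking Sensitive Details Via Verbose Error Message"
  description: "The error response contains information that may help an attacker mount more sophisticated attacks."
  category:
    name: VEM
    shortName: Verbose Error Messages
    displayName: Verbose Error Messages (VEM)
  subCategory: INVALID_FILE_INPUT
  severity: LOW   # assumed; the page does not state a severity

# API selection: successful original response and a "file" parameter in body or query.
api_selection_filters:
  response_code:
    gte: 200
    lt: 300
  or:
    - request_payload:
        for_one:
          key:
            regex: .*file.*      # assumed: match on the parameter name
            extract: userKey     # remember which parameter matched
    - query_param:
        for_one:
          key:
            regex: .*file.*
            extract: userKey

# Execute: one request with the matched parameter replaced by a bogus file name.
execute:
  type: single
  requests:
    - req:
        - modify_body_param:
            userKey: testInvalidFile
        - modify_query_param:
            userKey: testInvalidFile

# Validate: error status AND (database keywords OR an unusually large error body).
validate:
  response_code:
    gte: 400
  or:
    - response_payload:
        contains_either:
          - SQL
          - MYSQL
          - access denied
    - response_payload:
        length:
          gt: 1000
```

Paste the template into Akto's test editor and run it against an API collection that already contains file-related requests; requests whose recorded response was not a 2xx are skipped by the selection filter, not reported as failures. Because the second validation branch fires on body length alone, treat matches that contain none of the keywords as candidates for manual review rather than confirmed leaks.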
Frequently asked questions
What is the purpose of the "INVALID_FILE_INPUT" subcategory in this test?
How does the "INVALID_FILE_INPUT" vulnerability impact the application?
What are the potential consequences of inconsistent error messages?
How does this test filter requests based on response codes?
How does the test modify the request parameters?
What are the validation criteria for this test?
"The text editor in Akto is absolutely remarkable. Its user-friendly YAML format strikes the perfect balance between simplicity and power. With intuitive features like 'API selection filter', 'Execute', 'Validate', creating test rules becomes incredibly easy. Akto's test editor is a game-changer, enabling seamless creation of highly personalized and effective tests that could meet the needs of any modern-day organization."

Security team,
Rippling