Technical takeaways from H1-415: using invalid URL-encoding sequences (i.e. %$1) can cause HTTP parameter pollution, do virtual host scanning with ports, find the origin server for things behind CDNs, and brute force GraphQL endpoints if introspection is off.
Got my 1st HTTP Parameter Pollution (HPP) bug rewarded! Targeting an OAuth login: by providing the URL parameter "scope" twice, the page asked confirmation for the first, but ended up authorizing all the others too:
/oauth?redirect=x&response_type=code&client_id=x&scope=name&scope=email
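Both tips above rest on the same weakness: two components (the consent page and the token issuer, or a decoder and a router) read the same query string differently, so one sees one "scope" value while the other honours both, and a malformed escape like %$1 is decoded by one layer and passed through literally by another. The following is an added example, not code from the original post: a strict query parser an authorization endpoint can use to refuse such requests outright, plus a helper that makes the first-wins/last-wins disagreement visible on the exact query from the tip. It uses only the Python standard library; the sample queries are constructed for the example, and RFC 6749 section 3.1 is the basis for rejecting duplicated OAuth request parameters.

```python
import re
from urllib.parse import parse_qsl

# A valid percent-escape is '%' followed by exactly two hex digits.
_PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def find_malformed_escapes(query: str) -> list:
    """Return every '%' sequence in the raw query that is not a valid %XX escape,
    e.g. '%$1' from the tip, or a bare '%' at the end of the string.
    Python's urllib leaves such sequences in place rather than rejecting them,
    which is exactly the kind of lenient handling that lets layers disagree."""
    bad = []
    for m in re.finditer(r"%", query):
        if not _PCT_ESCAPE.match(query, m.start()):
            bad.append(query[m.start():m.start() + 3])
    return bad


def parse_query_strict(query: str) -> dict:
    """Parse a query string into a dict, raising ValueError on duplicate keys or
    malformed percent-encoding. RFC 6749 section 3.1 says an OAuth request
    parameter MUST NOT be included more than once, so the safe policy is to
    refuse the request, not to pick one copy and hope every other layer picks
    the same one."""
    malformed = find_malformed_escapes(query)
    if malformed:
        raise ValueError(f"malformed percent-escape(s): {malformed}")
    params = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key in params:
            raise ValueError(f"duplicate parameter: {key!r}")
        params[key] = value
    return params


def parser_views(query: str) -> dict:
    """Show how two common lenient policies, first-wins and last-wins, read the
    same query. When the consent screen uses one policy and the token issuer the
    other, the user confirms one scope and the client receives another: the HPP
    condition described in the tip."""
    pairs = parse_qsl(query, keep_blank_values=True)
    first, last = {}, {}
    for key, value in pairs:
        first.setdefault(key, value)   # keep the first occurrence
        last[key] = value              # overwrite with the latest occurrence
    return {"first_wins": first, "last_wins": last}


if __name__ == "__main__":
    # Constructed sample: the query from the tip, minus the path.
    q = "redirect=x&response_type=code&client_id=x&scope=name&scope=email"
    print(parser_views(q))            # first_wins sees 'name', last_wins sees 'email'
    try:
        parse_query_strict(q)
    except ValueError as err:
        print("rejected:", err)       # duplicate parameter: 'scope'
    print(find_malformed_escapes("scope=%$1&client_id=x"))  # ['%$1']
```

The defender's check is the strict parser: whatever framework sits in front of the authorization endpoint, validate the raw query once, reject duplicates and malformed escapes, and only then hand a single canonical dict to the consent page and the token issuer so both necessarily agree.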