8 lines
572 B
Plaintext
8 lines
572 B
Plaintext
User-supplied data, such as URL parameters, POST data payloads, or cookies, should always be considered untrusted and tainted. Performing requests from user-controlled data could allow attackers to make arbitrary requests on the internal network or to change their original meaning and thus to retrieve or delete sensitive information.
|
|
|
|
|
|
The problem could be mitigated in any of the following ways:
|
|
|
|
* Validate the user-provided data, such as the URL and headers, used to construct the request.
|
|
* Redesign the application to not send requests based on user-provided data.
|