8 lines
519 B
Plaintext
8 lines
519 B
Plaintext
User provided data, such as URL parameters, POST data payloads, or cookies, should always be considered untrusted and tainted. A remote server making requests to URLs based on tainted data could enable attackers to make arbitrary requests to the internal network or to the local file system.
|
|
|
|
|
|
The problem could be mitigated in any of the following ways:
|
|
|
|
* Validate the user provided data based on a whitelist and reject input not matching.
|
|
* Redesign the application to not send requests based on user provided data.
|