⌘Ctrlk

Web Mass Assignment Vulnerabilities

This vulnerability arises due to parameters not being whitelisted/blacklisted.

Original Request:

{ "user" => { "username" => "hacker", "email" => "hacker@example.com" } }

Modified Request:

{ "user" => { "username" => "hacker", "email" => "hacker@example.com", "admin" => true } }

Last updated 2 years ago