Hey Joel,
In the instance that I mentioned, the service that was doing the testing
considered things manipulated if the bogus parameter was reflected in
the URL (even if the parameter was otherwise ignored by the page.)
That's why the solution that I created removed extra parameters and did
a "clean" redirect (i.e. including only valid parameters) back to the
same page. So, regardless of what was entered, the individual could only
arrive at a page with acceptable parameters.
HTH
--Chris
On 3/29/18 11:33 AM, Joel Shapiro wrote:
On Mar 28, 2018, at 11:01 AM, Richard DeShong <richard@xxxxxxxxxxxxxx
<mailto:richard@xxxxxxxxxxxxxx>> wrote:
Manipulated results means that they can get different results
depending on what query data they use to attack.
Hi Richard
The issue is that I can’t understand how the testing could report
“manipulated results’, since any/all GET params are completely ignored
by the page.
Best,
-Joel