Burp Suite User Forum

Create new post

Request Manipulation

subhash | Last updated: Jul 06, 2024 01:51PM UTC

Hello Team, I have one general query. Changing a request query parameter to a different value and then getting a different result. As long as the data is something user should have access to then there isn't a problem right ?

Hannah, PortSwigger Agent | Last updated: Jul 08, 2024 12:13PM UTC

Hi Could you provide some more information about your question? Changing query parameters may result in a different response - for example, the query parameter might be a product ID to determine which product to display on a shopping site.

subhash | Last updated: Jul 11, 2024 04:57AM UTC

There is a search option and by that feature we can see users record and both admin and non admin users can see that specific user record. So if I login and search for user example: abc and intercept the request and modified the value to different user def and forwarded the request the application is showing details of def. Although the user have privilege to see both user record via UI itself. So there isn't a issue right ? If they were able to see the record which they do not have access to in some way then it would be a problem. right ?

Hannah, PortSwigger Agent | Last updated: Jul 11, 2024 10:46AM UTC

You must be an existing, logged-in customer to reply to a thread. Please email us for additional support.