Query Parameter in SSL Request, where is this?
I am validating issues which were previously found. In the URL, the following information is available:
GET /cleaned/servlet/ControllerServlet?commandLink=AppPriceReportList.jsp HTTP/1.1
Since the connection is via SSL, I would have expected that Burp would have flagged this as an issue.
Please can you describe exactly what the security vulnerability is that you believe is present in the application’s behavior, and we’ll be able to determine whether Burp should have reported it?
GET /cleaned/servlet/ControllerServlet?commandLink=AppBillingHistory.jsp HTTP/1.1
Given that the commandLink parameter is exposed, and is also a controlling factor in the application, it identifies different functions within the application, which may or may not be available to the authenticated user.
The Title of this question is actually the vulnerability which was uncovered via AppScan.
Thanks for the follow-up.
It’s certainly true that there is a parameter in the request that controls server-side behavior, but this is common. In fact, it is how the majority of application functions are implemented, so on its own it does not constitute a vulnerability. The use of SSL or otherwise is not relevant to that question.
It is possible that the application contains access control vulnerabilities, and that users can gain access to unauthorized functions or data by modifying parts of requests. Burp Scanner doesn’t automatically test for access control issues, and finding these bugs generally requires human input, to understand the purpose of each function and whether it ought to be access controlled.
It’s not clear what issue your other scanner was reporting. It’s possible it was trying to find access control issues, but the description suggests otherwise. We would not regard the appearance of request parameters as being a reportable issue.