If a REST endpoint (http://example.com) queries the p parameter and passes it to another endpoint:

    http_get("http://example.com/api2?p=" . $_GET['p']);

I will be able to exploit it by appending content to p: http://example.com?p=a%26admin=true, making a request to http://example.com/api2?p=a&admin=true (%26 is decoded to & by the server), which leads to an exploit if the /api2 endpoint reads the

But if I use HTML Purifier on $_GET['p'], it will convert & to &amp;, which will break the attack if api2 is not reading amp;admin (unlikely in practice).

Does that mean that escaping & to &amp; will effectively prevent the exploit? Why are we warned on this page about &amp;HPP_TEST then?
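
Added example, not part of the original post: it compares what a PHP backend at /api2 would parse when the value of p is concatenated raw, HTML-escaped, or URL-encoded before the request is built. The helpers build_api2_url() and backend_view() are hypothetical, and htmlspecialchars() is used as an assumed stand-in for the & to &amp; escaping the question attributes to HTML Purifier.

```php
<?php
// Added illustration; build_api2_url() and backend_view() are hypothetical helpers.

// Build the outbound URL the way the question's endpoint does, with a
// selectable treatment of the user-controlled value.
function build_api2_url(string $p, string $mode): string
{
    switch ($mode) {
        case 'raw':          // the question's code: plain concatenation
            $value = $p;
            break;
        case 'html_escape':  // assumption: stand-in for the & -> &amp; escaping
            $value = htmlspecialchars($p, ENT_QUOTES, 'UTF-8');
            break;
        case 'url_encode':   // encoding that matches the URL query-string context
            $value = rawurlencode($p);
            break;
        default:
            throw new InvalidArgumentException("unknown mode: $mode");
    }
    return 'http://example.com/api2?p=' . $value;
}

// Parse the query string with parse_str(), which applies PHP's own
// query-string parsing rules, to see the parameters /api2 would receive.
function backend_view(string $url): array
{
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params;
}

// Constructed sample: value of p after the front end decoded ?p=a%26admin=true
$p = 'a&admin=true';

foreach (['raw', 'html_escape', 'url_encode'] as $mode) {
    $url = build_api2_url($p, $mode);
    echo str_pad($mode, 12), $url, "\n";
    echo str_pad('', 12), json_encode(backend_view($url)), "\n";
}
```

In the html_escape case the backend still receives a second parameter next to p, named amp;admin, so the query structure is still changed by the input; only the url_encode case keeps the whole input inside p.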