{"version":"1.0","provider_name":"Hatena Blog","url":"https://cysec148.hatenablog.com/entry/2025/09/16/075754","blog_url":"https://cysec148.hatenablog.com/","type":"rich","author_name":"ThisIsOne","categories":["Web Security Academy","API testing"],"image_url":null,"html":"<iframe src=\"https://hatenablog-parts.com/embed?url=https%3A%2F%2Fcysec148.hatenablog.com%2Fentry%2F2025%2F09%2F16%2F075754\" title=\"Lab: Exploiting server-side parameter pollution in a REST URL - Shikata Ga Nai\" class=\"embed-card embed-blogcard\" scrolling=\"no\" frameborder=\"0\" style=\"display: block; width: 100%; height: 190px; max-width: 500px; margin: 10px 0px;\"></iframe>","author_url":"https://blog.hatena.ne.jp/ThisIsOne/","height":"190","blog_title":"Shikata Ga Nai","published":"2025-09-16 07:57:54","width":"100%","provider_url":"https://hatena.blog","title":"Lab: Exploiting server-side parameter pollution in a REST URL","description":"Hello there, ('\u03c9')\u30ce Why does this work? (First, get the picture.) In the forgot-password flow, the app issues an HTTP request from the server side to an internal API. If username is inserted as-is into part of the URL path, it becomes possible to cut off what follows with ? (start of query) or # (start of fragment), to move through the path relatively with ./ or ../, and to make an added segment such as /field/... look like **\u201csomething the server itself appended\u201d**. That is the essence of Server-Side Parameter Pollution in a REST URL. Phase A: Observation and hypothesis-buil\u2026"}