Injection: Reflected URL Parameter
Identifier:
reflected_url_parameter
Scanner(s) Support
| GraphQL Scanner | REST Scanner | WebApp Scanner | ASM Scanner |
|---|---|---|---|
Description
User input via URL parameters that is reflected in page content can indicate potential vulnerabilities, especially if the input is not properly validated or sanitized.
How we test: We inject test payloads into URL parameters and analyze responses to detect if user input is reflected in page content without proper encoding or sanitization, which could indicate potential injection vulnerabilities.
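The check described above can be sketched as follows. This is an added example, not the scanner's own implementation: the canary value, the `q` parameter, the `app.example` URL and all function names are assumptions made for illustration. It runs the same reflection check against a handler that echoes the parameter unencoded and against one that HTML-encodes it.

```python
import html
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed canary: a unique token wrapped around characters that
# HTML output encoding must change. It carries no markup or script.
TOKEN = "zq7x9k"
CANARY = f"{TOKEN}<\"'>{TOKEN}"


def _param(url: str, name: str = "q") -> str:
    """Extract and URL-decode one query parameter (hypothetical name 'q')."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_vulnerable(url: str) -> str:
    """Hypothetical handler: reflects the parameter into HTML unencoded."""
    return f"<p>Results for {_param(url)}</p>"


def render_hardened(url: str) -> str:
    """Same handler with output encoding for the HTML body context."""
    return f"<p>Results for {html.escape(_param(url), quote=True)}</p>"


def classify_reflection(body: str) -> str:
    """Classify how the canary appears in a response body."""
    if CANARY in body:
        return "raw"          # special characters survived: finding
    if html.escape(CANARY, quote=True) in body:
        return "encoded"      # reflected, but HTML-encoded
    if TOKEN in body:
        return "transformed"  # reflected, filtered some other way: review
    return "absent"           # input is not reflected at all


def probe(handler, base: str = "https://app.example/search") -> str:
    """Send the canary through a handler and classify the response."""
    url = f"{base}?{urlencode({'q': CANARY})}"
    return classify_reflection(handler(url))


if __name__ == "__main__":
    for handler in (render_vulnerable, render_hardened):
        print(handler.__name__, "->", probe(handler))
```

Only the "raw" result matches the condition this test reports; "transformed" means the application altered the input in a way that is neither pass-through nor standard HTML encoding and is worth a manual look.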
Configuration
Example
Example configuration:
Reference
skip
Type : boolean
Skip the test if true.