This challenge covers how to send specific HTTP requests

< 1 Hr.
HTTP Badge


In this challenge, you need to send a POST request to /pentesterlab with the parameter key included twice, both times set to the value please. This scenario is designed to showcase HTTP parameter pollution, where the same parameter is sent multiple times in a request. This can lead to unexpected and sometimes exploitable behaviors in web applications, especially when multiple levels of proxying are involved.

To solve this challenge, we recommend using curl initially. Start by running curl and use the --data option followed by key=please&key=please. This will help you understand the basic mechanics of the request. Afterward, you can write a script in your preferred programming language to automate this process, which will be beneficial for your future projects. This method can also help bypass filtering mechanisms in place, such as web application firewalls or reverse proxies.

Want to learn more? Get started with PentesterLab Pro! GO PRO