Element Duplication
Sometimes, you will not be able to hack a web service directly. In that case, learn how the web service behaves by sending it unexpected XML content, for example, duplicated elements:
<login>
  <username>smartbear</username>
  <password>ReaDyAP1R0ck5</password>
  <password>ReaDyAP1R0ck5</password>
</login>
For this request, a response looks like this:
<loginresponse>
  <error>password is allowed only once and must be at least 6 characters and at most 20 characters.</error>
</loginresponse>
To obtain more information, try some modifications:
<login>
  <username>smartbear</username>
  <username>smartbear</username>
  <password>ReaDyAP1R0ck5</password>
  <password>ReaDyAP1R0ck5</password>
</login>

<login>
  <username>smartbear</username>
  <username>smartbear</username>
  <username>smartbear</username>
  <password>ReaDyAP1R0ck5</password>
</login>
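The error response above discloses the password length rules to anyone who sends a duplicated element. As an added example (not code from the original page or from any product it describes), the sketch below shows a service-side check that rejects duplicated or unexpected elements, records the precise reason only in a server log, and returns one generic error. The function names, the "each element exactly once" schema and the generic error text are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

EXPECTED = ("username", "password")  # assumed schema: each element exactly once
# Constructed generic reply: reveals nothing about field rules.
GENERIC_ERROR = "<loginresponse><error>invalid request</error></loginresponse>"

def validate_login(xml_text):
    """Return (fields, None) if the structure is valid, else (None, reason)."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None, "not well-formed"
    if root.tag != "login":
        return None, "unexpected root element"
    counts = Counter(child.tag for child in root)
    for name in EXPECTED:
        if counts[name] != 1:
            return None, f"{name} occurs {counts[name]} times"
    extra = sorted(set(counts) - set(EXPECTED))
    if extra:
        return None, f"unexpected elements: {extra}"
    return {child.tag: child.text or "" for child in root}, None

def handle(xml_text, log):
    """Log the precise reason server-side; send the client only GENERIC_ERROR."""
    fields, reason = validate_login(xml_text)
    if reason is not None:
        log.append(reason)
        return GENERIC_ERROR
    return None  # structure accepted; authentication would run next

# Requests from the text above, plus one well-formed request.
USER = "<username>smartbear</username>"
PWD = "<password>ReaDyAP1R0ck5</password>"
VALID = f"<login>{USER}{PWD}</login>"
DUP_PASSWORD = f"<login>{USER}{PWD}{PWD}</login>"
DUP_BOTH = f"<login>{USER}{USER}{PWD}{PWD}</login>"
TRIPLE_USER = f"<login>{USER}{USER}{USER}{PWD}</login>"

if __name__ == "__main__":
    server_log = []
    for request in (VALID, DUP_PASSWORD, DUP_BOTH, TRIPLE_USER):
        print(handle(request, server_log))
    print(server_log)
```

When testing a service with the duplicated-element requests, a response that differs from request to request, or that names field constraints, indicates the validation detail is reaching the client rather than staying in the log.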