Element Duplication

Sometimes, you will not be able to hack a web service directly. In that case, learn how the web service behaves by sending it unexpected XML content – for example, double elements:

<login>
    <username>smartbear</username>
    <password>ReaDyAP1R0ck5</password>
    <password>ReaDyAP1R0ck5</password>
</login>

For this request, a response looks like this:

<loginresponse>
    <error>password is allowed only once and must be at least 6 characters and at most 20 characters.</error>
</loginresponse>

To obtain more information, try some modifications:

<login>
    <username>smartbear</username>
    <username>smartbear</username>
    <password>ReaDyAP1R0ck5</password>
    <password>ReaDyAP1R0ck5</password>
</login>

<login>
    <username>smartbear</username>
    <username>smartbear</username>
    <username>smartbear</username>
    <password>ReaDyAP1R0ck5</password>
</login>

See Also

In this section:
© 2025
Publication date: