Element Omission

Element omission is opposite to element duplication. In both cases, you are trying to cause the service to reveal sensitive information with unexpected requests.

To create a request of this type, omit some elements from the body:

<login>
    <username> smartbear</username>
</login>

The response reveals an element you need to gain access to the service.

<loginresponse>
    <error>element password is expected.</error>
</loginresponse>

Also, try the following:

Replace the username with a password:

<login>
    <password>ReaDyAP1R0ck5</password>
</login>

Remove all elements:
```
<login>
</login>
```

Element Omission

See Also

Search results