Element Omission

Element omission is the opposite of element duplication. In both cases, you send unexpected requests to try to make the service reveal sensitive information.

To create a request of this type, omit some elements from the body:

<login>
    <username>smartbear</username>
</login>

The error message in the response names an element the service expects, which is information you need to gain access to the service:

<loginresponse>
    <error>element password is expected.</error>
</loginresponse>

Also, try the following:

  • Replace the username with a password:

    <login>
        <password>ReaDyAP1R0ck5</password>
    </login>
    
  • Remove all elements:

    <login>
    </login>
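
The check below is an added example, not code from the original page or from the product it documents. It replays the three omission requests shown above against two hypothetical handlers (verbose_handler, which answers as the page's response does, and hardened_handler, which returns a generic error and logs the detail) and reports which element names each response discloses. The handler names, the generic error text and the log format are assumptions.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("username", "password")  # child elements of the page's <login> body

def missing_elements(body):
    """Return the required child elements absent from a <login> request."""
    root = ET.fromstring(body)  # sample only; use a hardened parser in a service
    return [name for name in REQUIRED if root.find(name) is None]

def verbose_handler(body):
    """Hypothetical handler that answers as on the page: the error names the element."""
    missing = missing_elements(body)
    if missing:
        return ("<loginresponse><error>element %s is expected.</error>"
                "</loginresponse>" % missing[0])
    return "<loginresponse><status>ok</status></loginresponse>"  # auth out of scope

def hardened_handler(body, log):
    """Hypothetical fix: same validation, detail goes to the server log only."""
    missing = missing_elements(body)
    if missing:
        log.append("login rejected, missing: " + ",".join(missing))
        return "<loginresponse><error>invalid request</error></loginresponse>"
    return "<loginresponse><status>ok</status></loginresponse>"  # auth out of scope

def leaked_names(request, response):
    """Required element names in the response that the request never sent."""
    sent = {child.tag for child in ET.fromstring(request)}
    return [n for n in REQUIRED if n not in sent and n in response]

# The three omission requests from the page, values as given there.
OMISSION_REQUESTS = [
    "<login><username>smartbear</username></login>",
    "<login><password>ReaDyAP1R0ck5</password></login>",
    "<login></login>",
]

def scan(handler):
    """Run every omission request and collect the names each response leaks."""
    return [leaked_names(req, handler(req)) for req in OMISSION_REQUESTS]

if __name__ == "__main__":
    server_log = []
    print("verbose :", scan(verbose_handler))
    print("hardened:", scan(lambda b: hardened_handler(b, server_log)))
    print("log     :", server_log)
```

An empty list for every request means the responses no longer disclose the expected elements, while the server log still records what was missing.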
    
