Closed bobinson closed 6 years ago
The forms are created by Django dynamically and are not hardcoded. In this case the same URL endpoint is used for the form as well as for rendering the initial page, which is why the action is left unspecified.
ok, understood.
closing as false positive.
Subject of the issue
HTTP Parameter Override
https://www.keralarescue.in/find_people/?address__icontains&camped_at&district&gender&name__icontains&notes__icontains&page=396&phone__icontains
Unspecified form action: HTTP parameter override attack potentially possible. This is a known problem with Java Servlets but other platforms may also be
Steps to reproduce
https://www.acunetix.com/blog/whitepaper-http-parameter-pollution/
Tested with OWASP Zap
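
As an added example (not part of the original issue or the project's code), a passive check in the spirit of the finding reported above: it flags `<form>` tags with no `action` attribute and lists query parameters that appear more than once in a URL. The sample HTML, the `example.test` host and both URLs are constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit


class FormActionAudit(HTMLParser):
    """Collect <form> tags whose action attribute is missing or empty."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line_number, method) for each flagged form

    def handle_starttag(self, tag, attrs):
        if tag != "form":
            return
        attrs = dict(attrs)
        action = (attrs.get("action") or "").strip()
        if not action:
            # A form without an action submits to the current page URL.
            method = (attrs.get("method") or "get").lower()
            self.findings.append((self.getpos()[0], method))


def forms_without_action(html):
    audit = FormActionAudit()
    audit.feed(html)
    return audit.findings


def repeated_params(url):
    """Return query parameter names that occur more than once in the URL."""
    # keep_blank_values=True so bare names such as "?district&page=1" count.
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    counts = Counter(name for name, _ in pairs)
    return sorted(name for name, n in counts.items() if n > 1)


# Constructed sample page: the first form has no action, the second names one.
SAMPLE_HTML = """<html><body>
<form method="get">
  <input name="name__icontains">
</form>
<form method="post" action="/find_people/">
  <input name="district">
</form>
</body></html>"""

# Constructed URLs on a placeholder host.
CLEAN_URL = "https://example.test/find_people/?district&page=396"
REPEATED_URL = "https://example.test/find_people/?page=396&district=a&page=1"
```

A flagged form is only a prompt for review: as the maintainer's reply notes, a form that deliberately submits to its own endpoint is expected to have no action.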