🔥 3-day streak
CompTIA PenTest+ (PT0-003)45 / 175
Question 45 of 175
During a web application test, a penetration tester finds that submitting `role=user` in a POST request is enforced server-side, but the backend framework processes duplicate parameters by concatenating or selecting the last value. The tester crafts a request with `role=user&role=admin` and observes that the application grants administrative access. Which attack technique did the tester successfully exploit?
Reviewed for accuracy · Report an issueNext question