search

Content Type Tampering

circle-info

Content-Type Tampering is a vulnerability where an attacker manipulates the Content-Type header of HTTP requests to bypass security checks or exploit vulnerabilities.

triangle-exclamation

This can lead to unauthorized actions, such as bypassing file type validation, injecting malicious content, or compromising data integrity.

circle-check

Validate and sanitize the Content-Type header on the server side, implement proper file type validation, and enforce security policies that restrict content types to expected and safe values.

hashtag
JSON to XML

We can check the behaviour on different Content-Type formats. This could result in:

  • Triggering verbose erros.

  • Bypass flawed defences.

  • Leverage differences in processing logic (e.g. secure with JSON but flawed with XML).

We can easily do that using Burp's Content Type Converterarrow-up-right extension (Figure 1).

The below example is based on the crAPIarrow-up-right application.

Figure 1: Converting JSON to XML.

hashtag
Adding Content-Type in the Request

Try adding Content-Type: application/json in the request and send a blank body. This might return a stack trace!

PreviousHTTP Verb TamperingNextImproper Asset Management

Last updated