Body Parameters Accepted in Query
-
Hi,
How can I stop accepting body parameters that are sent in the query string?
Thank you
-
Your question doesn’t make much sense. ‘Body parameters’ is an unusual turn of phrase, but a Google search revealed that apparently it’s terminology from a vulnerability assessment: https://security.stackexchange.com/questions/134114/addressing-body-parameters-accepted-in-query-vulnerability
Do you have any more information you can provide? Are you scanning for vulnerabilities? With what? What are you scanning?
Yes I am scanning for vulnerability using IBM Security AppScan.
It says “Re-program the application to disallow handling of POST parameters that were listed in the Query”.
Was there a list generated that you can share?
-
GET /?widget_id=presscore-contact-form-widget–1&send_message=&name=&email=test%40altoromutual.com&message=25 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Referer: http://domainname.com/contact-us/
Host: domainname.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US
Content-Type: application/x-www-form-urlencoded
HTTP/1.1 200 OK
Transfer-Encoding: chunked
Link: <http://domainname.com//wp-json/>; rel="https://api.w.org/"
X-XSS-Protection: 1
Server: Apache
X-Content-Type-Options: nosniff
Date: Fri, 07 Jul 2017 08:53:22 GMT
Content-Type: text/html; charset=UTF-8
-
This is another reason generated by the APPSCAN
Test Response is similar to the Original Response, indicating that the application processed body parameters that were submitted in the query.
Please let me know if you need any other information
Thank you.
-
So the issue seems to be with “presscore-contact-form-widget”. As far as I can tell, this is something added by a couple of themes. Are you using either of these themes:
http://presscastle.com/themes/business-themes/presscore-responsive-multipurpose-by-dream-theme/
https://themeforest.net/item/the7-responsive-multipurpose-wordpress-theme/5556590
Or any theme developed by Dream-Theme?
If so, you will need to talk to the theme’s developer about resolving this.
Yes you are correct. I am using https://themeforest.net/item/the7-responsive-multipurpose-wordpress-theme/5556590.
But the tool is showing an error for the one below also
GET /wp-login.php?log=&pwd=&rememberme=forever&wpsubmit=Log+In&redirect_to=http%3A%2F%2Fdomainname.com%2Fwp-admin%2F&testcookie=1 HTTP/1.1
User-Agent
Is there any solution?
Thank you
The topic ‘Body Parameters Accepted in Query’ is closed to new replies.
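What the AppScan remediation text quoted in the thread asks for, as an added example in plain PHP (not code from the The7 theme or from WordPress): the handler accepts the form only by POST, reads its fields from the body, and rejects a request that carries them in the query string. The function names and the field list are assumptions, with the field names taken from the scanner's request above.

```php
<?php
// Added example; not the theme's or WordPress's own code.
// Assumption: these are the form's body-only fields, named as in the
// scanner's request quoted in the thread.
const BODY_ONLY_FIELDS = ['send_message', 'name', 'email', 'message'];

/** Return the body-only field names that appear in the query string. */
function body_fields_in_query(array $query, array $bodyOnly = BODY_ONLY_FIELDS): array
{
    return array_values(array_intersect($bodyOnly, array_keys($query)));
}

/**
 * Decide how to handle a form submission.
 * Returns [HTTP status, data to process]; data is taken from the body only.
 */
function handle_contact_form(string $method, array $query, array $body): array
{
    if ($method !== 'POST') {
        return [405, []];   // the form is only ever submitted by POST
    }
    if (body_fields_in_query($query) !== []) {
        return [400, []];   // form fields were placed in the URL
    }
    // Read each field from the body explicitly, never from $_REQUEST,
    // which merges query-string and body parameters.
    $data = [];
    foreach (BODY_ONLY_FIELDS as $field) {
        $data[$field] = isset($body[$field]) ? (string) $body[$field] : '';
    }
    return [200, $data];
}

// Constructed sample: the form fields from the scanner's GET request.
parse_str('send_message=&name=&email=test%40altoromutual.com&message=25', $scan);

var_dump(handle_contact_form('GET', $scan, [])[0]);   // fields sent by GET
var_dump(handle_contact_form('POST', $scan, [])[0]);  // POST, fields in the URL
var_dump(handle_contact_form('POST', [], $scan)[0]);  // POST, fields in the body

// In a live handler the call would be:
// handle_contact_form($_SERVER['REQUEST_METHOD'], $_GET, $_POST);
```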