Absolutely! Here's a breakdown of injection attacks on GET parameters, along with exact payloads you can use for testing during VAPT. These are applicable to web interfaces inside a thick client app ...