HTTP parameter pollution: Difference between revisions

Content deleted Content added

Revision as of 06:51, 29 August 2022 edit Citation bot (talk \| contribs) Bots 5,867,153 edits Alter: url. URLs might have been anonymized. Add: authors 1-1. Removed parameters. Some additions/deletions were parameter name changes. \| Use this bot. Report bugs. \| Suggested by Abductive \| #UCB_webform 3718/3850 ← Previous edit		Latest revision as of 16:44, 5 September 2023 edit undo 2601:1c2:801:4420:7cf2:9395:48f4:bf8 (talk) →Behaviour
(3 intermediate revisions by 2 users not shown)
Line 6: ==Behaviour== When itthey ~~has~~are passed multiple parameters with the same name, here is how ~~the~~various back ~~backend~~ends ~~behaves~~behave.<ref name="owasp_hpp">{{cite web\|title=WSTG - Latest:Testing for HTTP Parameter Pollution\|url=https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution}}</ref> {\| class="wikitable" \|+ Behaviour when "param" is passed the values "val1" & "val2" ~~\|+ Behaviour~~ \|- ! Technology !! Parsing result !! Example Line 41 ⟶ 42: ==Types== ===Client-side=== * First Order / Reflected HPP<ref name="owasp_hpp_paper">{{cite web\|url=https://owasp.org/www-pdf-archive/AppsecEU09_CarettoniDiPaola_v0.8.pdf\|title=HTTP Parameter Pollution\|~~authors~~author1=Luca Carettoni ~~and~~ \|author2=Stefano Di Paola }}</ref> * Second Order / Stored HPP<ref name="owasp_hpp_paper" /> * Third Order / DOM HPP<ref name="owasp_hpp_paper" />