Revision as of 08:10, 13 July 2020 edit Machinexa (talk \| contribs) Extended confirmed users 2,808 edits m →See Also ← Previous edit		Revision as of 08:17, 13 July 2020 edit undo Machinexa (talk \| contribs) Extended confirmed users 2,808 edits mNo edit summary Next edit →
Line 1: {{short description\|Web security vulnerability}} {{HTTP}} '''HTTP Parameter Pollution''' or HPP in short is a vulnerability that occurs due to passing of multiple parameters having same name. There is no [[Request_for_Comments\|RFC]] standard on what should be done when passed multiple parameters. This vulnerability was first discovered in 2009. <!-- by whom, if anyone knows they can update --><ref name="owasp_hpp">{{cite web\|url= https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution\|title=WSTG - Latest:Testing for HTTP Parameter Pollution}}</ref>.HPP could be used for cross channel pollution, bypassing [[CSRF]] protection and [[Web_application_firewall\|WAF]] input validation checks.<ref>{{cite web\|url=http://www.madlab.it/slides/BHEU2011/whitepaper-bhEU2011.pdf\|title=HTTP Parameter Pollution Vulnerabilities in Web Applications\|date=2011}}</ref>

HTTP parameter pollution: Difference between revisions