Revision as of 17:50, 12 July 2020 edit Machinexa (talk \| contribs) Extended confirmed users 2,808 edits m →Server Sided HPP ← Previous edit		Revision as of 17:51, 12 July 2020 edit undo Machinexa (talk \| contribs) Extended confirmed users 2,808 edits m I tried my best to cite. Though mistake may happen, please improve Next edit →
Line 1: '''HTTP Parameter Pollution''' or HPP in short is a vulnerability that occurs due to passing of multiple parameters having same name. There is no [[Request_for_Comments\|RFC]] standard on what should be done when passed multiple parameters. This vulnerability was first discovered in 2009. <!-- by whom, if anyone knows they can update --><ref name="owasp_hpp">{{cite web\|url= https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/04-Testing_for_HTTP_Parameter_Pollution\|title=WSTG - Latest:Testing for HTTP Parameter Pollution}}</ref>. HPP could be used for cross channel pollution, bypassing [[CSRF]] protection and [[Web_application_firewall\|WAF]] input validation checks.<ref>{{cite web\|url=http://www.madlab.it/slides/BHEU2011/whitepaper-bhEU2011.pdf\|title=HTTP Parameter Pollution Vulnerabilities in Web Applications\|date=2011}}</ref> ==Behaviour==

HTTP parameter pollution: Difference between revisions