
HTTP parameter pollution

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Machinexa (talk | contribs) at 17:20, 12 July 2020. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

HTTP Parameter Pollution (HPP) is a vulnerability that arises when a request passes multiple parameters with the same name. No RFC standard specifies what should be done when multiple parameters with the same name are passed. This vulnerability was first discovered in 2009.[1] HPP can be used for cross-channel pollution and for bypassing CSRF protection and WAF input validation checks.[2]
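The following added example (not part of the original article) shows why duplicate names matter for input validation: the same query string yields different values depending on whether a component keeps the first occurrence, the last, or joins them, and a strict parser can reject such requests outright. The function names, the three resolver labels and the sample query are assumptions made for illustration.

```python
from collections import defaultdict
from urllib.parse import parse_qsl


def group_params(query):
    """Collect every value for each parameter name, in order of appearance.

    parse_qsl percent-decodes names, so 'a%63tion' and 'action' are grouped
    together, as they would be by a backend that decodes before lookup.
    """
    grouped = defaultdict(list)
    for name, value in parse_qsl(query, keep_blank_values=True):
        grouped[name].append(value)
    return dict(grouped)


# Illustrative ways a component may resolve a duplicated name (assumed labels).
RESOLVERS = {
    "first": lambda values: values[0],
    "last": lambda values: values[-1],
    "joined": lambda values: ",".join(values),
}


def interpretations(query, name):
    """Return the value each resolver would hand to the application."""
    values = group_params(query).get(name, [])
    if not values:
        return {}
    return {label: resolve(values) for label, resolve in RESOLVERS.items()}


def polluted_names(query):
    """Names that occur more than once after decoding."""
    return sorted(n for n, v in group_params(query).items() if len(v) > 1)


def strict_parse(query):
    """Reject any request with duplicate names instead of picking a value."""
    dupes = polluted_names(query)
    if dupes:
        raise ValueError("duplicate parameter(s): " + ", ".join(dupes))
    return {name: values[0] for name, values in group_params(query).items()}


# Constructed sample: a filter that checks only the first 'action' and a
# backend that uses the last one would disagree about this request.
SAMPLE = "action=view&id=7&action=delete"

if __name__ == "__main__":
    print(interpretations(SAMPLE, "action"))
    print(polluted_names(SAMPLE))
```

Running the same duplicate check at every layer that inspects the request (filter, proxy, application) removes the disagreement that the bypass depends on.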

  1. ^ "WSTG - Latest:Testing for HTTP Parameter Pollution".
  2. ^ "HTTP Parameter Pollution Vulnerabilities in Web Applications" (PDF). 2011.