Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.
Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.
Published on
On May 14th @ OWASP Appsec Poland 2009, Stefano Di Paola (Minded Security) and Luca Carettoni presented a new attack category called
Http Parameter Pollution (HPP).
HPP attacks can be defined as the possibility to override or add HTTP GET/POST parameters by injecting query string
delimiters.
It affects a building block of all web technologies thus server-side and client-side attacks exist.
Exploiting HPP vulnerabilities, it may be possible to:
* Override existing hardcoded HTTP parameters.
* Modify the application behaviors.
* Access and, potentially exploit, uncontrollable variables.
* Bypass input validation checkpoints and WAFs rules.