HTTP Parameter Pollution
Variants:
Direct
Also Known As:
Improper Handling of Extra Parameters
Vector Type:
Evasion Technique
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Web Application
Affected Mechanisms:
Input Validation
Invented In:
13/05/2009
Added In:
18/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
Attackers can send multiple inputs with identical parameter names in order to bypass security validations that only handle one parameter value per name, in order to override hardcoded HTTP variables or in order to cause unexpected behaviors in the application.
