| Details | |
|---|---|
| Alert ID | 20014 |
| Alert Type | Active |
| Status | beta |
| Risk | Informational |
| CWE | 20 |
| WASC | 20 |
| Technologies Targeted | All |
| Tags | CWE-20 OWASP_2017_A01 OWASP_2021_A03 POLICY_PENTEST WSTG-V42-INPV-04 |
| More Info | Scan Rule Help |

Summary
HTTP Parameter Pollution (HPP) attacks consist of injecting encoded query string delimiters into other existing parameters. If a web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks. One consequence of HPP attacks is that the attacker can potentially override existing hard-coded HTTP parameters to modify the behavior of an application, bypass input validation checkpoints, and access and possibly exploit variables that may be out of direct reach.
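
The override described above, shown as a vulnerable URL builder beside a hardened one together with a duplicate-parameter check. This is an added example, not code from the scan rule. The backend URL, the `action` and `poll_id` parameter names, the sample input, and the backend's "last occurrence wins" behaviour are all assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, parse_qsl, urlencode

# Hypothetical backend endpoint (constructed for this example).
BACKEND = "https://backend.example/api/poll"


def build_url_unsafe(poll_id: str) -> str:
    """Vulnerable: the decoded user value is concatenated into the query string."""
    return f"{BACKEND}?action=view&poll_id={poll_id}"


def build_url_safe(poll_id: str) -> str:
    """Hardened: urlencode() re-encodes '&' and '=' so the value stays one parameter."""
    return f"{BACKEND}?{urlencode({'action': 'view', 'poll_id': poll_id})}"


def duplicated_params(url: str) -> list[str]:
    """Return parameter names that occur more than once in the URL's query string."""
    query = url.split("?", 1)[1] if "?" in url else ""
    seen, dupes = set(), []
    for name, _ in parse_qsl(query, keep_blank_values=True):
        if name in seen and name not in dupes:
            dupes.append(name)
        seen.add(name)
    return dupes


def last_value(url: str, name: str) -> str:
    """Model a backend that keeps the last occurrence of a repeated parameter
    (an assumption; platforms differ in which occurrence they use)."""
    query = url.split("?", 1)[1]
    return parse_qs(query, keep_blank_values=True)[name][-1]


# Constructed input: the value the front end holds after decoding
# "42%26action%3Ddelete" from the incoming request.
user_value = "42&action=delete"

if __name__ == "__main__":
    for build in (build_url_unsafe, build_url_safe):
        url = build(user_value)
        print(build.__name__, url)
        print("  duplicated:", duplicated_params(url),
              "| action seen by backend:", last_value(url, "action"))
```

The same `duplicated_params` check can be applied to inbound requests to reject any request that repeats a parameter the application expects only once.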