Parameter pollution


HTTP Parameter Pollution is a web application vulnerability which occurs when hackers hide scripts and processes in URLs. This technique can also allow hackers to pollute the parameters in the URL and the request body if user input is not sanitized correctly by a web application. This could lead to behavior changes in the app, such as cross-site scripting, privilege changes or granting unwanted access.

An attacker can use an HPP attack to perform many different unwanted actions. They can override the existing hardcoded HTTP parameters, modify the application behavior and access and exploit the user-uncontrollable variables. HPP attacks also enable people to bypass input validation checks and web application firewall (WAF) rules. It opens up routes to attacks, including cross-site scripting (XSS), structured query language (SQL) injection. HPP attacks can be performed by polluting HTTP GET/POST requests by injecting multiple parameters with the same name holding different values and kept apart by delimiters.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support

Get Social

Connect with experts and join the conversation about Radware technologies.

Radware Blog
Security Research Center