HTTP Parameter Pollution

Video Explaining Concept

  • What happens if you append your own parameters to the end of a URL? E.g.: www.legitsite.com/blog?page=login&url=attacker.com

Theory

  • There is no standard that defines how HTTP parameters should be accepted. [No RFC]

  • Behaviour depends on the programming language. E.g.: PHP takes the last occurring parameter.
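
The following is an added example, not code from the original page: it parses a constructed variant of the example URL above in which "url" appears twice, shows how the value an application sees changes with the precedence policy, and gives a strict parser that rejects duplicates instead of guessing. Only the "last" policy comes from the page (PHP); "first" and "join" are illustrative policies assumed here, and all function names are hypothetical.

```python
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: the page's example URL with the "url" parameter repeated.
SAMPLE = "https://www.legitsite.com/blog?page=login&url=legitsite.com&url=attacker.com"


def group_params(url):
    """Return {name: [values in order of appearance]} for the query string."""
    grouped = defaultdict(list)
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        grouped[name].append(value)
    return dict(grouped)


def resolve(url, policy):
    """Collapse repeated parameters the way a given parser policy would.

    'last'  - last occurrence wins (the PHP behaviour the page mentions)
    'first' - first occurrence wins (assumed policy, for comparison)
    'join'  - all occurrences joined with a comma (assumed policy, for comparison)
    """
    pick = {
        "last": lambda values: values[-1],
        "first": lambda values: values[0],
        "join": lambda values: ",".join(values),
    }[policy]
    return {name: pick(values) for name, values in group_params(url).items()}


def polluted_names(url):
    """Names that occur more than once: the input two parsers can disagree on."""
    return sorted(n for n, v in group_params(url).items() if len(v) > 1)


def strict_params(url):
    """Defensive parse: refuse the request instead of guessing a precedence."""
    dupes = polluted_names(url)
    if dupes:
        raise ValueError(f"duplicate query parameters rejected: {dupes}")
    return resolve(url, "last")


if __name__ == "__main__":
    for policy in ("first", "last", "join"):
        print(policy, resolve(SAMPLE, policy)["url"])
    print("duplicates:", polluted_names(SAMPLE))
```

A validation layer that reads the first value and a backend that reads the last will each see a different "url" for the same request, which is why logging or rejecting names returned by polluted_names() is the safer default.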
