HTTP Parameter Pollution

HTTP Parameter Pollution

HTTP Parameter Pollution is when arbitrary values are entered in web parameters in an effort to cause an unexpected behavior. The goal of the unexpected behavior is for a client-side weakness or server-side weakness such as HTML injection or command injection.

HTTP parameters are typically managed and processed by the web application server. In a web application, testing HTTP Parameter Pollution can be as simple as incrementing a page ID number in the URL. For example, if the page URL ends with .php?id=1, you can try to change the id number to the number 2, such as .php?id=2.

Different values can be performed by changing parameters in the HTTP GET and POST requests. Injecting multiple parameters with different values will allow you to receive specific error codes. HTTP error codes can be used to determine your next course of action to perform.

1×× Informational

2×× Success

3×× Redirection

4×× Client Error

5×× Server Error

Similar Posts