About: HTTP parameter pollution

An Entity of Type: Thing, from Named Graph: http://dbpedia.org, within Data Space: dbpedia.org

HTTP Parameter Pollution (HPP) is a web application vulnerability exploited by injecting encoded query string delimiters in already existing parameters. The vulnerability occurs if user input is not correctly encoded for output by a web application. This vulnerability allows the injection of parameters into web application-created URLs. It was first brought forth to the public in 2009 by Stefano di Paola and Luca Carettoni, in the conference OWASP EU09 Poland. The impact of such vulnerability varies, and it can range from "simple annoyance" to complete disruption of the intended behavior of a web application. Overriding HTTP parameters to alter a web application's behavior, bypassing input and access validation checkpoints, as well as other indirect vulnerabilities, are possible consequenc

Property	Value
dbo:abstract	HTTP Parameter Pollution (HPP) is a web application vulnerability exploited by injecting encoded query string delimiters in already existing parameters. The vulnerability occurs if user input is not correctly encoded for output by a web application. This vulnerability allows the injection of parameters into web application-created URLs. It was first brought forth to the public in 2009 by Stefano di Paola and Luca Carettoni, in the conference OWASP EU09 Poland. The impact of such vulnerability varies, and it can range from "simple annoyance" to complete disruption of the intended behavior of a web application. Overriding HTTP parameters to alter a web application's behavior, bypassing input and access validation checkpoints, as well as other indirect vulnerabilities, are possible consequences of a HPP attack. There is no RFC standard on what should be done when it has passed multiple parameters. HPP could be used for cross channel pollution, bypassing CSRF protection and WAF input validation checks. (en)
dbo:wikiPageExternalLink	https://www.researchgate.net/publication/221655534%7Cconference=Proceedings
dbo:wikiPageID	64531175 (xsd:integer)
dbo:wikiPageLength	4311 (xsd:nonNegativeInteger)
dbo:wikiPageRevisionID	1107293418 (xsd:integer)
dbo:wikiPageWikiLink	dbr:ResearchGate dbr:Vulnerability_(computing) dbc:Computer_security_exploits dbr:CSRF dbr:Web_application dbr:HTTP_request_smuggling dbr:HTTP_response_splitting dbr:Request_for_Comments dbr:Query_string dbc:Internet_security dbc:Hypertext_Transfer_Protocol dbr:OWASP dbr:Web_application_firewall dbr:Parameters dbr:Delimiters
dbp:wikiPageUsesTemplate	dbt:HTTP dbt:Cite_conference dbt:Reflist dbt:Sfn dbt:Short_description dbt:Web-stub
dcterms:subject	dbc:Computer_security_exploits dbc:Internet_security dbc:Hypertext_Transfer_Protocol
rdfs:comment	HTTP Parameter Pollution (HPP) is a web application vulnerability exploited by injecting encoded query string delimiters in already existing parameters. The vulnerability occurs if user input is not correctly encoded for output by a web application. This vulnerability allows the injection of parameters into web application-created URLs. It was first brought forth to the public in 2009 by Stefano di Paola and Luca Carettoni, in the conference OWASP EU09 Poland. The impact of such vulnerability varies, and it can range from "simple annoyance" to complete disruption of the intended behavior of a web application. Overriding HTTP parameters to alter a web application's behavior, bypassing input and access validation checkpoints, as well as other indirect vulnerabilities, are possible consequenc (en)
rdfs:label	HTTP parameter pollution (en)
owl:sameAs	wikidata:HTTP parameter pollution https://global.dbpedia.org/id/DDMaw
prov:wasDerivedFrom	wikipedia-en:HTTP_parameter_pollution?oldid=1107293418&ns=0
foaf:isPrimaryTopicOf	wikipedia-en:HTTP_parameter_pollution
is dbo:wikiPageDisambiguates of	dbr:HPP
is dbo:wikiPageWikiLink of	dbr:HPP
is foaf:primaryTopic of	wikipedia-en:HTTP_parameter_pollution