    HTTP PARAMETER POLLUTION

    By KRiPPto99 | September 30, 2022 | Updated: October 1, 2022

    HTTP parameter pollution (HPP) manipulates the way a web application treats the parameters it receives in HTTP requests. The vulnerability arises when an attacker injects extra parameters into a request and the target website trusts them, which leads to unexpected behavior.

    In other words, the attacker crafts an HTTP request in order to manipulate or retrieve hidden information.

    HPP vulnerabilities can be found on both the server side and the client side.

     

    Let's start with SERVER-SIDE HPP

    In server-side HPP, the attacker sends the server input it does not expect in order to get unexpected results back from the website. When a request is made to a website, the site's servers process it and return a response. They do not just return a web page; sometimes the website also runs code based on the information it receives in the URL that was sent.

    HPP can also be used to bypass several web application firewall (WAF) rules, because some WAFs validate only a single occurrence of a parameter.

    HPP server-side attacks can also be used for cross-channel pollution and to bypass CSRF tokens.

    For example, suppose the web technology is ASP.NET/IIS. An attacker can send this request to the server:

    http://testaspnet.vulnweb.com/ReadNews.aspx?par1=<script&par1=prompt.”…”> …

    Since ASP.NET/IIS concatenates the values of parameters that share the same name, the end result will be <script prompt”…”>. Consequently, an attacker can expand this into a complete cross-site scripting attack.

    If a web application firewall sits in front of this application, it checks each occurrence of the parameter individually against its rules for injection attacks. The firewall checks the first occurrence, which does not match any of the injection rules because on its own it is not a malicious payload. It then performs the same check on the second occurrence, which again is not considered a dangerous payload and does not raise any alert. However, as mentioned before, ASP.NET/IIS concatenates these values because of how the technology parses repeated occurrences, which results in an XSS attack being executed (if the input had been expanded into a complete XSS payload).
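The inspection gap described above, as an added example that is not part of the original post: a filter that checks each occurrence singly sees nothing, while one that checks the value the back end will build by joining duplicates does. The rule, the sample query and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

# Constructed signature standing in for one WAF injection rule (assumption).
SCRIPT_TAG = re.compile(r"<script\b[^>]*>", re.IGNORECASE)

# Constructed request query: the page's par1 pattern with an inert value.
SAMPLE_QUERY = "par1=%3Cscript&par1=prompt(%22x%22)%3E"


def group_params(query):
    """Collect every decoded occurrence of each parameter, in request order."""
    grouped = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        grouped.setdefault(name, []).append(value)
    return grouped


def per_occurrence_hits(query):
    """The flawed check described above: each occurrence is inspected singly."""
    return [(name, value)
            for name, values in group_params(query).items()
            for value in values if SCRIPT_TAG.search(value)]


def merged_value_hits(query, sep=","):
    """Inspect the value the back end builds by joining repeated parameters.

    sep="," models ASP.NET's Request.QueryString, which joins with a comma.
    """
    hits = []
    for name, values in group_params(query).items():
        merged = sep.join(values)
        if SCRIPT_TAG.search(merged):
            hits.append((name, merged))
    return hits


def duplicated_params(query):
    """Names that occur more than once: worth logging or rejecting outright."""
    return sorted(n for n, v in group_params(query).items() if len(v) > 1)


if __name__ == "__main__":
    print("per occurrence:", per_occurrence_hits(SAMPLE_QUERY))
    print("merged value:  ", merged_value_hits(SAMPLE_QUERY))
    print("duplicates:    ", duplicated_params(SAMPLE_QUERY))
```

For endpoints that never expect repeated parameters, rejecting any request where `duplicated_params` is non-empty is the simpler control.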

     

    Now let's look at CLIENT-SIDE HPP

    Client-side HPP vulnerabilities allow attackers to inject extra parameters into a URL to create effects on the user's end. Here the attack affects the user's actions and triggers malicious code or an unintended action without the user's knowledge. Client-side HPP attacks can be reflected HPP, stored HPP, or aimed at form actions that use the POST method; another client-side HPP attack is the DOM-based attack.

    For example:

    Take a webmail service website where a user can view and delete his/her email:

    http://host/viewemail.jsp?client_id=79643215

    The link to view an email is:
    <a href="viewemail.jsp?client_id=79643215&action=view"> View </a>

    The link to delete an email is:

    <a href="viewemail.jsp?client_id=79643215&action=delete"> Delete </a>

    When the user clicks either of those links, the corresponding action is performed. The two links are built from the URL: the ID is read from the request and embedded in the href link together with the corresponding action. Thus:

    String id = request.getParameter("client_id");
    String hrefLink = "viewemail.jsp?client_id=" + id + "&action=abc";

    So client_id is vulnerable to HPP. An attacker creates a URL that injects another parameter, 'action', after the client_id parameter by using the URL-encoded ampersand (%26); this injected parameter holds the value 'delete'.

    Once the malicious link is used, the page contains two links that both carry the injected extra action parameter. Thus:

    <a href="viewemail.jsp?client_id=79643215&action=delete&action=view"> View </a>
    <a href="viewemail.jsp?client_id=79643215&action=delete&action=delete"> Delete </a>

    As shown in the above table, JSP parses the two parameters with the same name (action) and returns the first value. The JSP call request.getParameter("action") will return 'delete' in both cases.

    This is a simple example of how an attacker can exploit a website that is vulnerable to HTTP Parameter Pollution and cause malicious code to run without being detected.
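The link-building flaw from the webmail scenario next to two fixes, as an added example that is not part of the original post: percent-encoding the value before it is embedded, and allow-list validation of the ID. The function names and the exact encoded input are assumptions; first-occurrence-wins parsing is modelled as the page describes it for JSP.

```python
from urllib.parse import parse_qsl, quote, unquote

# Constructed input: the client_id value as the server sees it after decoding
# a query of client_id=79643215%26action%3Ddelete.
POLLUTED_ID = unquote("79643215%26action%3Ddelete")


def build_link_vulnerable(client_id, action):
    """Same logic as the page's snippet: the decoded value is pasted in as-is."""
    return "viewemail.jsp?client_id=" + client_id + "&action=" + action


def build_link_encoded(client_id, action):
    """Percent-encode each value so '&' and '=' stay data, not delimiters."""
    return ("viewemail.jsp?client_id=" + quote(client_id, safe="")
            + "&action=" + quote(action, safe=""))


def is_plain_id(client_id):
    """Allow-list validation: a mailbox id here is ASCII digits only."""
    return client_id.isascii() and client_id.isdigit()


def first_value(href, name):
    """Model of first-occurrence-wins parsing, as the page describes for JSP."""
    query = href.split("?", 1)[1]
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key == name:
            return value
    return None


if __name__ == "__main__":
    for build in (build_link_vulnerable, build_link_encoded):
        href = build(POLLUTED_ID, "view")
        print(build.__name__, href, "->", first_value(href, "action"))
    print("passes validation:", is_plain_id(POLLUTED_ID))
```

With the encoded builder the View link resolves to `action=view` again, and the validation check rejects the polluted ID before any link is built.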

    Thank you for reading this and have a nice stay there!
