Http parameter pollution

merlinwhite16 · April 17, 2016, 12:00pm

noob here,

Ive been reading through lots and lots of public disclosures as part of my learning and one I’ve come across is parameter pollution, I’m looking at 2 reports in particular here and cant for the life of me understand what the particular vulnerability is

hackerone doesnt seem to have a forum so i cant ask there

I’ve read the OTG-INPVAL-004 from OWASP and just cant conclude why these reports are valid?

can any clarify this please?

Herrera · May 2, 2016, 10:45pm

They considered a vulnerability because the attacker can tamper with the url and then send this new url to a victim. After this, if the victim tries to share it via facebook, it will end up linking the website of the attacker instead of the original website.

merlinwhite16 · May 4, 2016, 2:56pm

Thank you kindly Herrera

Topic		Replies	Views
Reflected XSS with Burp Web Hacking	7	3994	July 20, 2020
Hacking with Burp Suite - Tutorial 1 Starter Zone	2	14518	November 26, 2015
Possible API Key Leak? Web Hacking	6	4667	July 20, 2022
Trying for xss! Starter Zone	2	1703	May 15, 2021
XSS Challenge - Twins of Ten Starter Zone	0	4064	June 15, 2015

Http parameter pollution

Related topics