BLOG / JUN 06, 2017 / CYBERINFOADMIN

Parameter Pollution: HTTP Parameter Pollution (HPP), as the name implies, pollutes the HTTP parameters of a web application in order to perform a specific malicious task or attack that differs from the application's intended behavior. The technique is considered simple but quite effective. The main reason this attack can be realized is that input is not sanitized properly. HPP injects encoded query string delimiters into existing or other HTTP parameters (i.e. GET/POST/Cookie), which makes it feasible to supersede parameter values that already exist, inject a new parameter, or exploit variables that are not directly accessible. This attack affects all web technologies, irrespective of the side, i.e. client-side or server-side.

Using HPP, an attacker may be able to:

  • Supersede existing hardcoded HTTP parameters
  • Alter or modify the intended/normal application behaviour
  • Access and potentially exploit variables that are not properly controlled
  • Bypass WAF rules or input validation mechanisms
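
The parsing ambiguity behind these effects, as an added example (not code from the original post): a Python check that shows how first-wins, last-wins and join-all parsers read the same query string, and that rejects requests with repeated names or encoded delimiters inside values. The parameter names and sample requests are constructed for illustration.

```python
from urllib.parse import parse_qsl

# Characters that act as delimiters once a value is decoded and re-embedded
# in another URL or request built by the application.
DELIMITERS = ("&", ";", "#")

def parse_views(query):
    """Show how first-wins, last-wins and join-all parsers read each name.

    Commonly documented behaviours: JSP/Tomcat takes the first occurrence,
    PHP/Apache the last, ASP.NET/IIS joins all occurrences with commas.
    """
    views = {}
    for name, value in parse_qsl(query, keep_blank_values=True):
        views.setdefault(name, []).append(value)
    return {
        name: {"first": vals[0], "last": vals[-1], "joined": ",".join(vals),
               "count": len(vals)}
        for name, vals in views.items()
    }

def hpp_findings(query, allow_multi=frozenset()):
    """Return the reasons a query string should be rejected as possible HPP."""
    findings = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl has already percent-decoded once, so %26 is now "&".
        if any(d in value for d in DELIMITERS):
            findings.append(f"{name}: encoded delimiter in value {value!r}")
    for name, view in parse_views(query).items():
        # A repeated name is ambiguous unless the application expects a list.
        if view["count"] > 1 and name not in allow_multi:
            findings.append(
                f"{name}: sent {view['count']} times "
                f"(first={view['first']!r}, last={view['last']!r})")
    return findings

if __name__ == "__main__":
    # Constructed sample requests; parameter names are hypothetical.
    samples = [
        "user_id=1001&action=view",
        "user_id=1001&action=view&action=edit",
        "user_id=1001%26action%3Dedit&action=view",
    ]
    for q in samples:
        print(q, "->", hpp_findings(q) or "ok")
```

The check decodes each value once, so it belongs at the layer that performs the final decode; a value that is encoded twice still looks clean to an earlier layer.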

On the DELL website, parameter tampering is possible because of this attack: an attacker can view a user's details and modify them. Even after the issue was reported to their security team, they couldn’t remove the bug!



Here, we can view details such as the username, phone number, address, and service tag of the laptop.