Posted in: Blog, Posted On: Jun 06, 2017, Posted By: cyberinfoadmin
HTTP Parameter Tampering in DELL Website
Parameter Pollution: HTTP Parameter Pollution (HPP), as the name implies, pollutes the HTTP parameters of a web application to make it perform a malicious task different from its intended behavior. The technique is considered simple but quite effective. The main reason the attack is possible is that input is not sanitized properly. HPP injects encoded query string delimiters into existing or other HTTP parameters (i.e. GET/POST/Cookie), which makes it feasible to override parameter values that already exist, inject a new parameter, or exploit variables that are out of direct reach. The attack affects all web technologies, whether client-side or server-side.
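To make the mechanism concrete from the defending side, here is an added example (not code from the original post or from DELL) of a request check that flags the two HPP indicators described above: a parameter name that occurs more than once, and a value that carries an encoded delimiter. The parameter names `account` and `view` and the sample query strings are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import unquote_plus


def split_pairs(raw_query):
    """Split a raw (still percent-encoded) query string into decoded (name, value) pairs."""
    pairs = []
    for chunk in raw_query.split("&"):
        if chunk:
            name, _, value = chunk.partition("=")
            pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def hpp_findings(raw_query):
    """Return (kind, parameter, detail) tuples for HPP indicators in one query string."""
    findings = []
    seen = defaultdict(list)
    for name, value in split_pairs(raw_query):
        seen[name].append(value)
        # %26 decodes to a literal '&' inside the value. If the application later
        # concatenates this value into another URL or back-end request, everything
        # after the '&' is parsed there as separate parameters.
        if "&" in value:
            injected = [n for n, _ in split_pairs(value.partition("&")[2])]
            findings.append(("embedded-delimiter", name, injected))
    for name, values in seen.items():
        if len(values) > 1:
            # Platforms disagree on which occurrence wins (first, last, or all joined),
            # so a filter and the application behind it may read different values.
            findings.append(("duplicate", name, {"first": values[0], "last": values[-1]}))
    return findings


def is_acceptable(raw_query):
    """Strict policy: reject any request that shows an HPP indicator."""
    return not hpp_findings(raw_query)


if __name__ == "__main__":
    # Constructed sample query strings, not taken from any real site.
    samples = [
        "account=1001&view=summary",
        "account=1001&account=2002",
        "account=1001%26account%3D2002",
    ]
    for query in samples:
        print(query, "->", hpp_findings(query) or "clean")
```

Rejecting such requests outright is the strictest option; an application that legitimately accepts repeated parameters would instead allow-list the names that may repeat.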
Generally, an attacker can use HPP vulnerabilities to:
On the DELL website, parameter tampering is possible because of this attack: an attacker can view a user's details and modify them. Even after the issue was reported to their security team, they couldn't remove the bug!
Here, we can view details such as the username, phone number, address, and service tag of the laptop.