HTTP Parameter Pollution (HPP)
HTTP Parameter Pollution (HPP)
- July 8, 2022
- Posted by: Nicola Selenu

It is a Web attack evasion technique that allows an attacker to craft a HTTP request in order to manipulate or retrieve hidden information. This evasion technique is based on splitting an attack vector between multiple instances of a parameter with the same name. Since none of the relevant HTTP RFCs define the semantics of HTTP parameter manipulation, each web application delivery platform may deal with it differently. In particular, some environments process such requests by concatenating the values taken from all instances of a parameter name within the request. This behavior is abused by the attacker in order to bypass pattern-based security mechanisms.
Author:Nicola Selenu
Email Service Providers Handbook
The most comprehensive “Handbook of Email Service Providers“!
SPAMASSASSIN RULES
All SpamAssassin rules in one place, EXPLAINED!
SMTP COMMANDS
& REPLY CODES
All SMTP/ESMTP commands and reply codes in one place, EXPLAINED!
Free DNS Tool
Check the DNS records of your domain with our free DNS tool.
Deliverability Glossary
The most comprehensive Email Deliverability and Marketing Glossary!