HTTP Parameter Pollution Vulnerabilities in Web Applications
Author
Abstract
2 HTTP Parameter Pollution Attacks
2.1 Parameter Precedence in Web Applications
2.2 Parameter Pollution
2.2.1 Cross-Channel Pollution
2.2.2 HPP to bypass CSRF tokens
2.2.3 Bypass WAFs input validation checks
Similar resources
Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications
In the last twenty years, web applications have grown from simple, static pages to complex, full-fledged dynamic applications. Typically, these applications are built using heterogeneous technologies and consist of code that runs both on the client and on the server. Even simple web applications today may accept and process hundreds of different HTTP parameters to be able to provide users with ...
Automated Detection of HPP Vulnerabilities in Web Applications
2 HTTP Parameter Pollution Attacks
2.1 Parameter Precedence in Web Applications
2.2 Parameter Pollution
2.2.1 Cross-Channel Pollution
2.2.2 HPP to bypass CSRF tokens ...
ARC: Protecting against HTTP Parameter Pollution Attacks Using Application Request Caches
HTTP Parameter Pollution (HPP) vulnerabilities allow attackers to exploit web applications by manipulating the query parameters of the requested URLs. In this paper, we present Application Request Cache (ARC), a framework for protecting web applications against HPP exploitation. ARC hosts all benign URL schemas, which act as generators of the complete functional set of URLs that compose the app...
Web Application Attacks Detection: A Survey and Classification
The number of attacks is increasing day by day, especially web attacks, due to the shift of the majority of companies towards web applications. Therefore, the security of their sensitive data against attackers becomes a crucial matter for all organizations and companies. Thus the use of intrusion detection systems is required in order to increase the protection and prevent attacke...
Telecom Paristech Spécialité « Informatique Et Réseaux » Présentée Et Soutenue Publiquement Par Mesures Automatisées De Nouvelles Menaces Sur Internet Table Des Matières I Résumé 13
In the last twenty years, the Internet has grown from a simple, small network to a complex, large-scale system. While the Internet was originally used to offer static content that was organized around simple websites, today, it provides both content and services (e.g. chat, e-mail, web) as well as the outsourcing of computation and applications (e.g. cloud computing). In 2011, the number of Int...
Journal title:
Volume, Issue
Pages -
Publication date 2011