Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications
In this paper, we present the first automated approach for the discovery of HTTP Parameter Pollution vulnerabilities in web applications. Using our prototype implementation called PAPAS (PArameter Pollution Analysis System), we conducted a large-scale analysis of more than 5,000 popular websites. Our experimental results show that about 30% of the websites that we analyzed contain vulnerable parameters and that 46.8% of the vulnerabilities we discovered (i.e., 14% of the total websites) can be exploited via HPP attacks. The fact that PAPAS was able to find vulnerabilities in many high-profile, well-known websites suggests that many developers are not aware of the HPP problem. We informed a number of major websites about the vulnerabilities we identified, and our findings were confirmed
Download: PDF
PAPAS: PArameter Pollution Analysis System (Beta)
andry (Moderator)
Posts: 467
Join date: 2010-05-07