In this paper, we present the first automated approach for the discovery of HTTP Parameter Pollution vulnerabilities in web applications.Using our prototype implementation called PAPAS(PArameter Pollution Analysis System),we conducted a large-scale analysis of more than 5,000 popular
websites.Our experimental results show that about 30% of the websites that we analyzed contain vulnerable parameters and that 46.8% of the vulnerabilities we discovered (i.e., 14% of the total websites) can be exploited via HPP attacks.The fact that PAPAS was able to find vulnerabilities in many high-profile, well-known websites suggests that many developers are not aware of the HPP problem.We informed a number of major websites about the vulnerabilities we identified,and our findings were confirmed
Download: PDF
PAPAS: PArameter Pollution Analysis System (Beta)
Volut-ID | World News Articles
All news of interest and can provide an info for you, and so can assist in the search for new news.
About news gadgets, mobile phones
info about the latest mobile phone, from news, features, and the most mobile phone models in search of the world.
No response to “Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications”
Leave a reply