/alerttags/wstg-v42-inpv-04/ Recent content in WSTG-V42-INPV-04 on ZAP Hugo en-us /docs/alerts/20014/ Mon, 01 Jan 0001 00:00:00 +0000 /docs/alerts/20014/ <p>HTTP Parameter Pollution (HPP) attacks consist of injecting encoded query string delimiters into other existing parameters. If a web application does not properly sanitize the user input, a malicious user can compromise the logic of the application to perform either client-side or server-side attacks. One consequence of HPP attacks is that the attacker can potentially override existing hard-coded HTTP parameters to modify the behavior of an application, bypass input validation checkpoints, and access and possibly exploit variables that may be out of direct reach.</p>