2009 May 21
"HTTP Parameter Pollution" and Rails
Today there was a posting by Stefano di Paola to the Web Security
Mailing List,
http://www.webappsec.org/lists/websecurity
about "HTTP Parameter Pollution", with a reference to his and Luca
Carettoni's presentation at
http://www.owasp.org/images/b/ba/AppsecEU09_CarettoniDiPaola_v0.8.pdf
The point is that different web servers/backends behave differently when
handling requests such as
GET /foo?par1=val1&par1=val2 HTTP/1.1
User-Agent: Mozilla/5.0
Host: Host
Accept: */*...
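
The divergence described above, shown on the query string from the sample request. This is an added example, not part of the original post or of Rails; the policy labels (:first, :last, :join, :all) and helper names are hypothetical and do not name any particular server's behaviour.

```ruby
require "uri"

# Constructed sample: the query string of the request quoted in the post.
SAMPLE_QUERY = "par1=val1&par1=val2"

# Decode into ordered [name, value] pairs, keeping duplicates.
# Names are percent-decoded, so encoded and plain spellings compare equal.
def query_pairs(query)
  URI.decode_www_form(query)
end

# The parameter hash a component applying the given policy would end up with.
def resolve(query, policy)
  grouped = query_pairs(query).group_by(&:first)
  grouped.transform_values do |pairs|
    values = pairs.map(&:last)
    case policy
    when :first then values.first       # keep the first occurrence
    when :last  then values.last        # keep the last occurrence
    when :join  then values.join(",")   # concatenate all occurrences
    when :all   then values             # expose every occurrence as a list
    else raise ArgumentError, "unknown policy: #{policy}"
    end
  end
end

# Parameter names that occur more than once in the query string.
def duplicated_names(query)
  names = query_pairs(query).map(&:first)
  names.group_by(&:itself).select { |_, seen| seen.size > 1 }.keys
end

# True when the scalar policies disagree, i.e. a filter in front of the
# application and the application itself could validate different values.
def ambiguous?(query)
  %i[first last join].map { |policy| resolve(query, policy) }.uniq.size > 1
end

if __FILE__ == $PROGRAM_NAME
  %i[first last join all].each do |policy|
    puts "#{policy}: #{resolve(SAMPLE_QUERY, policy).inspect}"
  end
  puts "duplicated: #{duplicated_names(SAMPLE_QUERY).inspect}"
end
```

A check like duplicated_names can run at the outermost layer to reject or log requests that repeat a scalar parameter, so every later component sees an unambiguous request.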