On Tue, May 19, 2009 at 12:37 PM, Casey Dougall < ca...@uberwebsitesolutions.com> wrote:
> > On Tue, May 19, 2009 at 3:22 PM, Dana <dana.tier...@gmail.com> wrote: > > > > > thoughts, reactions, discussion? > > > > what is http parameter pollution? > Seems like a new name for an old flaw. Exploiting query strings by dividing payloads is clever, but it seems to me that it only gets you around query string validation, but we all know query strings are not to be trusted, don't we? Makes some interesting CSS/JS attacks possible, certainly, but is that anything new? ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-community/message.cfm/messageid:297308 Subscription: http://www.houseoffusion.com/groups/cf-community/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.5