HTTP Parameter Pollution

HTTP Parameter Pollution - Low Security Level Solution: Step 1. Note the lesson url url - http://10.0.2.4/bWAPP/hpp-1.php Enter your favourite movie name and check the url url - http://10.0.2.4/bWAPP/hpp-2.php?name=favouritemovie&action=vote ?name=favouritemovie&action=vote has been newly added Click on vote against any movie title name and check the change in the url. url - http://10.0.2.4/bWAPP/hpp-3.php?movie=9&name=favouritemovie&action=vote movie=9& has been newly added Step 2. Change the movie value and check the output. Note: As we change the value the movie name changes. Step 3. The lesson wants us to make Tony Stark win every time Tony Starks movie number is 2 Let's add malicious parameters and make Tony Stark win Go to the lesson page and give input as &movie=2 and click on continue Now click on any movie, and note your votes will only go to Tony Stark instead of the selected movie. Go back to lesson and try selecting another movie name, your vote will again go to Tony Stak. PseudoTime