This vulnerability was first presented by Stefano di Paola and Luca Carettoni in 2009 at the OWASP Poland conference. HTTP Parameter Pollution takes advantage of the fact that HTTP allows more than one of the same parameters to be used, which exposes some web applications to malicious users. HPP is a simple yet quite effective hacking technique which affects both client-side and server-side environments. When exploited, the impact of an HPP injection attack depends on the functionality of the web application. Despite its simplicity, the HTTP Parameter Pollution vulnerability can be very dangerous and can compromise your website and web application security systems.
The Acunetix Team has created a detailed whitepaper that explains in detail how an HTTP Parameters Pollution injection attack can be launched at the front-end (client) or the back-end (server) of the web application. We also recommend security measures that should be taken in order to determine if your website is vulnerable to HPP attacks.