HTTP Parameter Pollution (HPP) - Manipulating Another User's Basket in OWASP Juice Shop
Learn how HTTP Parameter Pollution (HPP) exploits Broken Access Control to manipulate another user's shopping basket in OWASP Juice Shop.

Lab Overview
HTTP Parameter Pollution (HPP) is an attack technique that exploits inconsistencies in how web servers and applications handle multiple parameters with the same name. This can lead to unintended behaviors, such as bypassing input validation or manipulating data in unexpected ways.
In this lab, you will explore HTTP Parameter Pollution (HPP) by exploiting a vulnerability in the OWASP Juice Shop application. You will learn how to inject multiple basket identifiers into a single API request to manipulate another user’s shopping basket. By understanding this attack, you'll gain insight into how improperly handled input parameters can break application logic and compromise security.
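The inconsistency described above, and a strict-parsing defence against it, as an added example that is not part of the lab or of Juice Shop's code. It assumes the repeated identifier travels in a query string; the parameter name `basketId`, the sample request and all function names are hypothetical.

```javascript
// Constructed sample: one request carrying the same parameter name twice.
const SAMPLE_QUERY = "basketId=1&quantity=2&basketId=2";

// Collect every value supplied for each parameter name, in order.
function groupParams(query) {
  const grouped = new Map();
  for (const [name, value] of new URLSearchParams(query)) {
    if (!grouped.has(name)) grouped.set(name, []);
    grouped.get(name).push(value);
  }
  return grouped;
}

// Two resolution policies that different components may apply to one request.
function firstWins(query, name) {
  const values = groupParams(query).get(name);
  return values ? values[0] : undefined;
}
function lastWins(query, name) {
  const values = groupParams(query).get(name);
  return values ? values[values.length - 1] : undefined;
}

// Defence: refuse repeated names instead of silently picking one value.
function parseStrict(query) {
  const result = Object.create(null);
  for (const [name, values] of groupParams(query)) {
    if (values.length > 1) throw new Error(`duplicate parameter rejected: ${name}`);
    result[name] = values[0];
  }
  return result;
}

// The ownership check runs on the same single value the handler will use.
function authorizeBasket(query, sessionBasketId) {
  let params;
  try {
    params = parseStrict(query);
  } catch (err) {
    return { allowed: false, reason: err.message };
  }
  if (params.basketId !== String(sessionBasketId)) {
    return { allowed: false, reason: "basket does not belong to session" };
  }
  return { allowed: true, basketId: params.basketId };
}

console.log(firstWins(SAMPLE_QUERY, "basketId"), lastWins(SAMPLE_QUERY, "basketId"));
console.log(authorizeBasket(SAMPLE_QUERY, 1));
```

If the access-control check reads the value `firstWins` returns while the data layer reads the one `lastWins` returns, the check validates one basket and the write lands in another; rejecting duplicates removes that gap.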
Objectives:
Upon completing this lab, you will:
- Understand HTTP Parameter Pollution (HPP) and its implications.
- Learn to craft API requests to exploit HPP vulnerabilities.
- Manipulate data in another user’s basket using HPP.
Who is this lab for?
This lab is designed for:
- Developers seeking to understand and prevent HPP vulnerabilities in their applications.
- Security professionals looking to explore advanced access control bypass techniques.
- IT learners aiming to strengthen their knowledge of web application security concepts.
