On May 14th @ 2009, me & Carettoni presented a new attack category called Http Parameter Pollution (HPP).
HPP attacks can be defined as the feasibility to override or add HTTP GET/POST parameters by injecting query string delimiters. It affects a building block of all web technologies thus server-side and client-side attacks exist. Exploiting HPP vulnerabilities, it may be possible to:
Bypass input validation checkpoints and WAFs rules.
Just to whet your appetite, I can anticipate that by researching for real world HPP vulnerabilities, we found issues on some Google Search Appliance front-end scripts, Ask.com, Yahoo! Mail Classic and several other products.
You can download the slides of the talk here (pdf) or browse it on .
