To continue investigating the HTTP Parameter Contamination (HPC) attack, I’ve done some primitive fuzzing in the environments which had not been covered in the original research of Ivan Markovic. It must be mentioned that I have not found out anything new. On the other hand, an interesting feature of the Python interpreter was revealed; I also got a payload exploit for conducting a denial-of-service attack against the Tomcat server :) But I won’t disclose anything else about the latter so far.
The results are presented in the figure below.