A query parameter allows a client to refine searches on a website. It is composed of a key (the parameter name) and a value (what we are requesting).
With parameter pollution, we send a query parameter with the same key multiple times. For example, we could have $URL?username=X&username=Y, but which one does a web server choose?
In fact, web servers behave differently: some of them choose the first parameter, some the second parameter, and some every parameter.
This attack could allow an attacker to bypass input validation and WAF rules, or to manipulate, access, or retrieve hidden information.
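The following is an added example, not part of the original page: it resolves the same duplicated key under the three behaviors described above and shows a strict parser that rejects the ambiguity, so a validation layer and a backend cannot disagree about the value. The function names, the comma used to keep every value, and the sample query string are assumptions constructed for illustration.

```python
from urllib.parse import parse_qsl

# Constructed sample query string with a repeated key (not from a real site).
SAMPLE_QUERY = "username=alice&role=user&username=bob"

# All function names below are hypothetical helpers written for this example.
def pairs(query):
    """Decode a query string into ordered (key, value) pairs, keeping duplicates."""
    return parse_qsl(query, keep_blank_values=True)

def first_wins(query):
    """Resolution used by stacks that keep the first occurrence of a key."""
    out = {}
    for key, value in pairs(query):
        out.setdefault(key, value)
    return out

def last_wins(query):
    """Resolution used by stacks that keep the last occurrence of a key."""
    return dict(pairs(query))

def all_joined(query, sep=","):
    """Resolution used by stacks that keep every occurrence (joined with sep)."""
    out = {}
    for key, value in pairs(query):
        out[key] = out[key] + sep + value if key in out else value
    return out

def duplicated_keys(query):
    """Return keys that occur more than once, in order of first appearance."""
    seen, dups = set(), []
    for key, _ in pairs(query):
        if key in seen and key not in dups:
            dups.append(key)
        seen.add(key)
    return dups

def strict_params(query):
    """Mitigation: refuse ambiguous input instead of silently picking one value."""
    dups = duplicated_keys(query)
    if dups:
        raise ValueError("duplicate query parameters: " + ", ".join(dups))
    return dict(pairs(query))

if __name__ == "__main__":
    for resolve in (first_wins, last_wins, all_joined):
        print(resolve.__name__, resolve(SAMPLE_QUERY))
    print("duplicated:", duplicated_keys(SAMPLE_QUERY))
```

If the layer that validates input and the layer that consumes it use different resolutions, the value that was checked is not the value that is used; rejecting duplicated keys at the edge removes that gap.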
Arjun can be used to find HTTP parameters on a website:
arjun -u $URL/endpoint