# HTTP Parameter pollution

```
# Inject existing extra parameters in GET:
https://www.bank.com/transfer?from=12345&to=67890&amount=5000&from=ABCDEF
https://www.site.com/sharer.php?u=https://site2.com/blog/introducing?&u=https://site3.com/test
```

![](https://1729840239-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-M5x1LJiRQvXWpt04_ee%2F-MKVdiVlBdGYwc1G_f8w%2F-MKVdiVm38v1gvpsplPo%2Fimage.png?alt=media\&token=86f2f636-31d4-4f14-a19f-587cd5a1b8a6)