# Parameter Pollution

* [Technical takeaways from H1-415: Using invalid URL encoding sequences (ie %$1) can cause HTTP parameter pollution, do virtual host scanning with ports, find the origin server for things behind CDNs, and brute force GraphQL endpoints if introspection is off.](https://twitter.com/Rhynorater/status/1104133664928018432)
* [Got my 1st HTTP Parameter Pollution (HPP) bug rewarded! Targeting an OAuth login: by providing url parameter "scope" twice, the page asked confirmation for the first, but ended up authorizing all others too:](https://twitter.com/honoki/status/1291307034919542789?s=20)

  [/oauth?redirect=x\&response\_type=code\&client\_id=x\&scope=name\&scope=email](https://twitter.com/honoki/status/1291307034919542789?s=20)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://gowsundar.gitbook.io/book-of-bugbounty-tips/parameter-pollution.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.