..Well, SQL injection via HTTP parameter pollution that is! 😉  A blog post about HTTP parameter pollution came out earlier this month describing how a Web Application Firewall (WAF) can be bypassed by injecting the attack through a duplicated query parameter.  I wanted to blog about this then but Synergy activities took priority, so following on now to say that NetScaler definitely handles multiple parameters with the same name independently.  We detect Cross Site Scripting (XSS) and SQL injection attacks in any duplicate field irrespective of where the injected copy sits in the request.  So, the field can be at the beginning or end of the query params and NetScaler can still detect it.  See some examples below:
Oct 10 07:25:12 <local0.info> 10/09/2012:22:25:12 GMT ns 0-PPE-0 : APPFW APPFW_XSS 147 0 : 205-PPE0 EVUBunh1TyGGyXu3Dl+3XVVsgYkA000 profile_login http://aaron.stratum8.net/FFC/login.php?login_name=<gotcha>&passwd=12&text_area=comennts&login_name=abc&login_name=def&loginButton=ClickToLogin&as_fid=PgYrY86JB5%2BU0UBfpchM Cross-site script check failed for field login_name="Bad tag: gotcha" <not blocked>

Oct 10 07:52:41 <local0.info> 10/09/2012:22:52:41 GMT ns 0-PPE-0 : APPFW APPFW_SQL 175 0 : 211-PPE1 EVUBunh1TyGGyXu3Dl+3XVVsgYkA000 profile_login http://aaron.stratum8.net/FFC/login.php?login_name=user1&passwd=123&drinking_pref=on&login_name=user2&text_area=&loginButton=ClickToLogin&login_name=select+*+from+%5C%3B&as_fid=sBqgBeBTyLUaMQwSBZ1e SQL Keyword check failed for field login_name="select * from \;(\)" <not blocked>
On another note, if the field consistency check is set up to prevent insertion of multiple fields with the same name, that check triggers as well. The request below carries no SQL/XSS payload, only duplicated names, so it is the field consistency violation that gets logged. See below for an example:
Oct 10 07:34:08 <local0.info> 10/09/2012:22:34:08 GMT ns 0-PPE-0 : APPFW APPFW_FIELDCONSISTENCY 155 0 : 207-PPE0 EVUBunh1TyGGyXu3Dl+3XVVsgYkA000 profile_login http://aaron.stratum8.net/test/login.php?login_name=user1&login_name=user2&passwd=&login_name=user3&login_name=user4&text_area=&login=login&as_fid=B4CWnFnGWDKC0uaHgfFx Field consistency check failed for field login_name <not blocked>

Another idea is to use signatures to define specifically how many times a field is allowed to repeat.  Hence, NetScaler admins have several options to protect against these kinds of attacks and keep the network environment free from pollution! 🙂
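To make the point about per-occurrence inspection concrete, here is an added toy model in Python; it is illustration code written for this post, not NetScaler's implementation, and its tag and SQL-keyword regexes are deliberately crude stand-ins for real WAF rules. It parses the three query strings from the log lines above with urllib (which keeps every value of a repeated name), runs the checks over each value, and contrasts that with the flawed approach of collapsing duplicates so only the first or last value is inspected. The `max_repeats` argument is an assumption that models the field consistency check and the signature-based repetition limit mentioned above.

```python
"""Toy model of inspecting every occurrence of a duplicated query parameter.

Added illustration, not NetScaler code. The detectors below are crude on
purpose: a '<' followed by a tag name, and a handful of SQL keywords matched
as whole words.
"""
import re
from urllib.parse import parse_qs, parse_qsl, urlsplit

TAG_RE = re.compile(r"<\s*/?\s*([A-Za-z][\w-]*)")
SQL_RE = re.compile(r"\b(select|union|insert|update|delete|drop|from)\b", re.I)

# Sample requests taken from the log lines in the post (query strings copied as-is).
XSS_URL = ("http://aaron.stratum8.net/FFC/login.php?login_name=<gotcha>&passwd=12"
           "&text_area=comennts&login_name=abc&login_name=def&loginButton=ClickToLogin"
           "&as_fid=PgYrY86JB5%2BU0UBfpchM")
SQL_URL = ("http://aaron.stratum8.net/FFC/login.php?login_name=user1&passwd=123"
           "&drinking_pref=on&login_name=user2&text_area=&loginButton=ClickToLogin"
           "&login_name=select+*+from+%5C%3B&as_fid=sBqgBeBTyLUaMQwSBZ1e")
DUP_URL = ("http://aaron.stratum8.net/test/login.php?login_name=user1&login_name=user2"
           "&passwd=&login_name=user3&login_name=user4&text_area=&login=login"
           "&as_fid=B4CWnFnGWDKC0uaHgfFx")


def inspect_value(field, value):
    """Return a (check, field, detail) tuple for one value, or None if it is clean."""
    m = TAG_RE.search(value)
    if m:
        return ("APPFW_XSS", field, f"Bad tag: {m.group(1)}")
    m = SQL_RE.search(value)
    if m:
        return ("APPFW_SQL", field, f"SQL keyword: {m.group(1)}")
    return None


def inspect_all_occurrences(url, max_repeats=None):
    """Inspect every value of every parameter, wherever it appears in the query.

    max_repeats (assumption: models the field consistency / signature limit)
    flags a name that appears more often than allowed.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    violations = []
    for field, values in params.items():
        if max_repeats is not None and len(values) > max_repeats:
            violations.append(("APPFW_FIELDCONSISTENCY", field,
                               f"{len(values)} occurrences, limit {max_repeats}"))
        for value in values:  # position of the copy in the query string is irrelevant
            hit = inspect_value(field, value)
            if hit is not None:
                violations.append(hit)
    return violations


def inspect_one_occurrence_only(url, keep="last"):
    """The flawed approach: collapse duplicates so only one value per name is seen."""
    collapsed = {}
    for field, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if keep == "last" or field not in collapsed:
            collapsed[field] = value
    violations = []
    for field, value in collapsed.items():
        hit = inspect_value(field, value)
        if hit is not None:
            violations.append(hit)
    return violations


if __name__ == "__main__":
    for name, url in (("XSS", XSS_URL), ("SQL", SQL_URL), ("DUP", DUP_URL)):
        print(name, "all occurrences:", inspect_all_occurrences(url, max_repeats=1))
        print(name, "first only:     ", inspect_one_occurrence_only(url, keep="first"))
        print(name, "last only:      ", inspect_one_occurrence_only(url, keep="last"))
```

Running it shows why the location of the injected copy matters for a naive parser: the XSS payload sits in the first `login_name`, so a last-value-wins parser misses it, while the SQL payload sits in the last `login_name`, so a first-value-wins parser misses that one. Inspecting every occurrence catches both, and the repetition limit flags the fourfold `login_name` even though none of its values carries a payload.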