General Information

Client Controlled Action Type Manipulation via Parameter Tampering

Variants:
Direct, Session

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Privilege Validation

Invented In:
01/01/1999

Added In:
25/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Bypass the application's privilege enforcement by changing an action identifier that is carried in client-originating parameters, so that a different, privileged operation is performed. Examples include changing a view action to a delete action or to an insert action.
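The following added example (not part of the original entry) shows the flaw described above next to a per-action authorization check. The role table, action names and handler functions are hypothetical, and the record store is constructed sample data.

```python
# Added example; ROLE_PERMS, ACTIONS and the handle_* names are hypothetical.
ROLE_PERMS = {
    "viewer": {"record:view"},
    "editor": {"record:view", "record:insert", "record:delete"},
}

def new_store():
    return {1: "alpha", 2: "beta"}  # constructed sample records

def do_view(store, p):
    return store.get(int(p["id"]))
def do_insert(store, p):
    store[int(p["id"])] = p["value"]
def do_delete(store, p):
    store.pop(int(p["id"]), None)

# Every action is bound server-side to the permission it requires.
ACTIONS = {
    "view": ("record:view", do_view),
    "insert": ("record:insert", do_insert),
    "delete": ("record:delete", do_delete),
}

def handle_vulnerable(role, p, store):
    """Checks only that the caller may reach the page, then trusts `action`."""
    if "record:view" not in ROLE_PERMS.get(role, set()):
        raise PermissionError("no access to records page")
    _, func = ACTIONS[p["action"]]  # client-chosen operation, never authorized
    return func(store, p)

def handle_hardened(role, p, store):
    """Authorizes the requested action itself; unknown actions are denied."""
    required, func = ACTIONS.get(p.get("action"), (None, None))
    if required is None or required not in ROLE_PERMS.get(role, set()):
        raise PermissionError("action not permitted")
    return func(store, p)

def compare(role, p):
    """Same request through both handlers, each on a fresh store."""
    out = []
    for handler in (handle_vulnerable, handle_hardened):
        store, verdict = new_store(), "allowed"
        try:
            handler(role, p, store)
        except PermissionError:
            verdict = "denied"
        out.append((verdict, sorted(store)))
    return out
```

Calling `compare("viewer", {"action": "delete", "id": "1"})` returns the outcome and remaining record ids for each handler, which makes the missing per-action check visible as a deleted record.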


Direct Variant:

Client Controlled Action Type Manipulation via Parameter Tampering

Variant Title:
Client Controlled Action Type Manipulation via Parameter Tampering

Typical Severity:
Major

Resources:

White Papers:

Learn More:


Session Variant:

Client Controlled Action Type Manipulation via Session Poisoning

Also Known As:
Session Client Controlled Action Type Manipulation

Typical Severity:
Major

Resources:

White Papers:

Learn More: