View Attack Vector

General Information

Client Controlled Sum Abuse

Variants:
Direct Persistent Session

Also Known As:
Web Parameter Tampering

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Input Validation, Secure Design

Invented In:
01/02/2000

Added In:
09/12/2014

Vector Operation Method:
Attackers can abuse the application logic by manipulating client-controlled sums originating from input fields. For example - reducing a client-controlled sum that sets the minimum offer for a digital tender

Direct Variant:

Client Controlled Sum Abuse

Variant Title:
Client Controlled Sum Abuse

Typical Severity:
Major

Resources:

CWE

OWASP Attacks

White Papers:

Learn More:

Persistent Variant:

Stored Client Controlled Sum Abuse

Also Known As:
Persistent Client Controlled Sum Abuse

Typical Severity:
Major

Resources:

White Papers:

Learn More:

Session Variant:

Client Controlled Sum Abuse via Session Poisoning

Also Known As:
Session Client Controlled Price Manipulation

Typical Severity:
Major

Resources:

Wiki

White Papers:

Learn More: