General Information

Client Controlled Quantity Manipulation

Variants:
Direct Persistent Session 

Also Known As:
Web Parameter Tampering

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Authentication Verification

Invented In:
01/02/2000

Added In:
12/12/2014


Vector Operation Method:
Attackers can abuse the application logic by manipulating client-controlled quantity input fields. For example - buying a combination of positive quantities of products and negative quantities of products in an ecommerce transaction to affect the total price


Direct Variant:

Client Controlled Quantity Manipulation

Variant Title:
Client Controlled Quantity Manipulation

Typical Severity:
Major

Resources:

White Papers:

Learn More:



Persistent Variant:

Stored Client Controlled Quantity Manipulation

Also Known As:
Persistent Client Controlled Quantity Manipulation

Typical Severity:
Major

Resources:

White Papers:

Learn More:


Session Variant:

Client Controlled Quantity Manipulation via Session Poisoning

Also Known As:
Session Client Controlled Quantity Manipulation

Typical Severity:
Major

Resources:

White Papers:

Learn More: