Authorization Bypass via HTTP Verb Tampering
Variants:
Direct
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Web Application
Affected Mechanisms:
Web Application Configuration, Privilege Validation
Invented In:
29/05/2008
Added In:
10/12/2014
Vector Operation Method:
Attackers can bypass the application privilege validation by accessing protected resources of higher privileged users by using unexpected HTTP methods, such as GET, POST and HEAD.
