General Information

Secret Argument Injection

Variants:
Direct 

Also Known As:
Secret Parameter, Argument Injection, Application Backdoor

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Privilege Validation, Secure Design

Invented In:
17/01/2009

Added In:
08/12/2014


Vector Operation Method:
Attackers can abuse the application functionality by sending secret optional inputs that affect the application behavior. The attack may affect dormant inputs and flags related to configuration, back doors, privileges and other aspects.


Direct Variant:

Secret Argument Injection

Also Known As:
Secret Argument Modification

Typical Severity:
Medium

Resources:

White Papers:

Learn More: