SQL Sorting
Variants: Direct
Vector Type: Attack
Relevance: Generic
Layer: Application-Level
Platforms: Any
Target Type: Application
Affected Mechanisms: Syntax Escaping, Secure Design
Invented In: 29/07/2011
Added In: 17/12/2014
Vector Operation Method:
Attackers can enumerate sensitive information such as credit cards and passwords by abusing index-controlled content sorting features: they observe the position of their own resource in a public list, and change their own sorted values to affect that position.
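The condition described above seen from the defender's side, as an added example that is not part of the original entry: a list handler that passes a request-supplied column index to ORDER BY, next to a hardened handler that maps a public sort key onto an allow-list of non-sensitive columns. The table, column and function names and the sample rows are constructed assumptions.

```python
import sqlite3

# Constructed sample data: a public member list whose backing table also
# holds a sensitive column (password_hash) that is never displayed.
ROWS = [
    ("alice", "Oslo", "c3ab8f"),
    ("bob", "Quito", "19fe02"),
    ("carol", "Lisbon", "a41d77"),
]

# Allow-list: public sort key -> column name. Sensitive columns are absent.
SORTABLE = {"name": "username", "city": "city"}
DEFAULT_SORT = "name"


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (username TEXT, city TEXT, password_hash TEXT)")
    db.executemany("INSERT INTO members VALUES (?, ?, ?)", ROWS)
    return db


def list_members_weak(db, sort):
    # Weak: the request value becomes a column index in ORDER BY over SELECT *.
    # The int() cast blocks injected SQL text, but index 3 still orders the
    # public list by the hidden password_hash column.
    idx = int(sort)
    return [row[0] for row in db.execute(f"SELECT * FROM members ORDER BY {idx}")]


def list_members_hardened(db, sort, descending=False):
    # Hardened: only allow-listed keys reach the query; anything else
    # (indexes, hidden column names) falls back to the default sort.
    column = SORTABLE.get(sort, SORTABLE[DEFAULT_SORT])
    direction = "DESC" if descending else "ASC"
    sql = f"SELECT username, city FROM members ORDER BY {column} {direction}"
    return [row[0] for row in db.execute(sql)]


if __name__ == "__main__":
    db = make_db()
    print("weak, sort=3:      ", list_members_weak(db, "3"))
    print("hardened, sort=3:  ", list_members_hardened(db, "3"))
    print("hardened, sort=city:", list_members_hardened(db, "city"))
```

Syntax escaping alone does not address this: the weak handler contains no injectable string, and the exposure comes from the design choice of letting the client pick any column to sort on.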