Client Controlled Action Type Manipulation via Parameter Tampering
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Privilege Validation
Invented In:
01/01/1999
Added In:
25/12/2014
Quick Introduction to the Topic:
Vector Operation Method:
Bypass the privilege enforcement in the application by changing an action identifier controlled using client originating parameters, in order to cause another privileged operation to be performed. Examples may include changing view actions to delete actions, to insert actions, etc.
