1. Homepage
  2. RvR
  3. Application
  4. Attack Vectors

General Information

Client Controlled Price Manipulation

Variants:
Direct Persistent Session 

Also Known As:
Web Parameter Tampering, eShoplifting

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Application

Affected Mechanisms:
Input Validation, Secure Design

Invented In:
01/02/2000

Added In:
24/12/2014

Quick Introduction to the Topic:


Vector Operation Method:
Attackers can affect prices by manipulating client-controlled price input fields


Direct Variant:

Client Controlled Price Manipulation

Variant Title:
Client Controlled Price Manipulation

Typical Severity:
Critical

Resources:

CWE

CAPEC

OWASP Attacks

Other I

Other II

Other III

White Papers:

Paper I

Paper II

Paper II

Learn More:



Persistent Variant:

Stored Client Controlled Price Manipulation

Also Known As:
Persistent Client Controlled Price Manipulation

Typical Severity:
Critical

Resources:

White Papers:

Learn More:


Session Variant:

Client Controlled Price Manipulation via Session Poisoning

Also Known As:
Session Client Controlled Price Manipulation

Typical Severity:
Critical

Resources:

Wiki

White Papers:

Learn More:




TECAPI ©

Join