Secret Argument Injection
Variants:
Direct
Also Known As:
Secret Parameter, Argument Injection, Application Backdoor
Vector Type:
Attack
Relevance:
Generic
Layer:
Application-Level
Platforms:
Any
Target Type:
Application
Affected Mechanisms:
Privilege Validation, Secure Design
Invented In:
17/01/2009
Added In:
08/12/2014
Vector Operation Method:
Attackers can abuse the application functionality by sending secret optional inputs that affect the application behavior. The attack may affect dormant inputs and flags related to configuration, back doors, privileges and other aspects.
