URL Manipulation
Another example of a simple parameter manipulation attack is URL manipulation. This attack is similar to the hidden field manipulation attack, except that instead of the application storing a sensitive value as a hidden form field, the value is passed as an argument in the URL. Using the User ID value again as an example, a vulnerable application would appear to an attacker as www.example.com/application.jsp?uid=12345. The attacker could then edit the uid argument and resubmit the URL as www.example.com/application.jsp?uid=0 to gain administrator access.
Header Manipulation
A more complex form of parameter manipulation is HTTP header manipulation. This attack involves modifying the headers that the browser sends to the application. An example of this type of parameter manipulation attack is an application that checks the Referer header to verify that a user has logged in. In this example, when the user requests a protected URL such as www.example.com/protected/index.jsp, the application first checks whether the Referer header shows that the request was submitted from the login page, such as www.example.com/login.jsp. The application assumes that because the request comes from a user who has just visited the login page, the user must have authenticated and the application itself must have redirected the user to the protected resource.
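The two weak checks described in the URL Manipulation and Header Manipulation sections, each beside a hardened form, as an added example that is not code from the original book. It models a request as a small Python object rather than a JSP page; the session cookie name JSESSIONID, the session store, the user table and the sample requests are all constructed for the illustration. The hardened handlers take identity and login state from the server-side session only, so the uid argument and the Referer header (both of which the client controls completely, and the latter of which browsers may omit) carry no authority. A small audit function shows the detection a defender would want: a request whose uid argument disagrees with the session's own user id.

```python
"""Parameter manipulation: vulnerable checks vs. session-based checks."""
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

# Constructed sample data (not from the original text): one logged-in
# session for user 12345, and a user table in which uid 0 is the admin.
SESSIONS = {"sess-alice": {"uid": "12345", "authenticated": True}}
USERS = {
    "0": {"name": "admin", "role": "administrator"},
    "12345": {"name": "alice", "role": "user"},
}
SESSION_COOKIE = "JSESSIONID"  # assumed cookie name for the session id


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request."""
    url: str
    headers: dict = field(default_factory=dict)
    cookies: dict = field(default_factory=dict)

    @property
    def query(self) -> dict:
        # First value of each query argument, e.g. {"uid": "0"}
        return {k: v[0] for k, v in parse_qs(urlsplit(self.url).query).items()}


def _session(req: Request):
    """Look up the server-side session named by the session cookie, if any."""
    return SESSIONS.get(req.cookies.get(SESSION_COOKIE))


# --- URL manipulation -------------------------------------------------------

def vulnerable_profile(req: Request):
    """Trusts the uid argument in the URL: ?uid=0 returns the admin record."""
    user = USERS.get(req.query.get("uid"))
    return (200, user["role"]) if user else (404, None)


def hardened_profile(req: Request):
    """Takes the user id from the authenticated session; the uid argument is ignored."""
    sess = _session(req)
    if not sess or not sess["authenticated"]:
        return (401, None)
    return (200, USERS[sess["uid"]]["role"])


# --- Header manipulation ----------------------------------------------------

def vulnerable_protected(req: Request) -> int:
    """Treats a Referer of www.example.com/login.jsp as proof of login."""
    ref = urlsplit(req.headers.get("Referer", ""))
    if ref.netloc == "www.example.com" and ref.path == "/login.jsp":
        return 200
    return 302  # redirect to the login page


def hardened_protected(req: Request) -> int:
    """Checks the session's authenticated flag; the Referer header is ignored."""
    sess = _session(req)
    return 200 if sess and sess["authenticated"] else 302


# --- Detection --------------------------------------------------------------

def audit_uid_mismatch(req: Request) -> bool:
    """True when a request's uid argument differs from the session's own uid."""
    sess = _session(req)
    uid = req.query.get("uid")
    return bool(sess and uid is not None and uid != sess["uid"])


if __name__ == "__main__":
    alice = {SESSION_COOKIE: "sess-alice"}
    tampered = Request("http://www.example.com/application.jsp?uid=0", cookies=alice)
    print("vulnerable:", vulnerable_profile(tampered))   # (200, 'administrator')
    print("hardened:  ", hardened_profile(tampered))     # (200, 'user')
    print("mismatch flagged:", audit_uid_mismatch(tampered))
    forged = Request("http://www.example.com/protected/index.jsp",
                     headers={"Referer": "http://www.example.com/login.jsp"})
    print("referer check:", vulnerable_protected(forged), hardened_protected(forged))
```

The hardened handlers never read the client-supplied value at all, which is the essential point: the fix is not to validate uid or Referer more carefully but to stop using them as the source of identity or login state.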