Feb 15, 2011

Web Parameter Tampering


The Web Parameter Tampering attack is based on manipulating the parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, or the price and quantity of products. This information is usually stored in cookies, hidden form fields, or URL query strings, and is used to add functionality and control to the application; the weakness is that the server trusts values it has handed to the client instead of re-validating them.

This attack can be performed by a malicious user who wants to exploit the application for their own benefit, or by an attacker who wishes to attack a third party using a Man-in-the-middle attack.


Examples of parameter tampering

Example 1

Modifying the values of form fields is the typical example of a Web Parameter Tampering attack.
For example, consider a user who can select form field values (combo box, check box, etc.) on an application page. When these values are submitted by the user, they can be intercepted and arbitrarily manipulated by an attacker, because nothing on the client side prevents a value outside the offered choices from being sent.

Example 2

When a web application uses hidden fields to store status information, a malicious user can tamper with the values stored in the browser and change the information they refer to. For example, an e-commerce shopping site uses hidden fields to refer to its items, as follows:

<input type="hidden" id="1008" name="cost" value="70.00">

In this example, an attacker can modify the "value" information of a specific item, thus lowering its cost, because the server accepts the submitted cost instead of looking the price up on its own side.
Similar methods can be used when paying online through PayPal, AlertPay, etc.
  
Example 3
An attacker can tamper with URL parameters directly. For example, consider a web application that permits a user to select a profile from a combo box and debit the account:

http://www.attackbank.com/default.asp?profile=741&credit=500

In this case, an attacker could tamper with the URL, using other values for profile and credit:

http://www.attackbank.com/default.asp?profile=852&credit=2000
Other parameters can be changed, including attribute parameters. In the following example, it is possible to tamper with the status variable and delete a page from the server.

Unmodified variable in the parameter:

http://www.attackbank.com/savepage.asp?nr=147&status=read

Modifying the status variable to delete the page:

http://www.attackbank.com/savepage.asp?nr=147&status=del
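As an added server-side illustration of the defence against Examples 2 and 3 (this is example code written for this page, not part of the original post): the vulnerable handler trusts the client's "cost" field, while the hardened handler prices the item from a catalogue, optionally checks an HMAC over hidden fields the server rendered, and authorises the "status" parameter instead of acting on whatever the URL says. The catalogue values, secret key and function names are constructed for this example.

```python
import hmac
import hashlib
from decimal import Decimal

# Constructed server-side catalogue and secret; real values would live in the
# database and a secrets store, never in a hidden field the client can edit.
CATALOGUE = {"1008": Decimal("70.00"), "2051": Decimal("15.50")}
SECRET_KEY = b"example-only-secret"
ALLOWED_STATUS = {"read", "unread", "del"}


def vulnerable_total(form: dict) -> Decimal:
    """Trusts the 'cost' hidden field, exactly the weakness of Example 2."""
    return Decimal(form["cost"]) * int(form["qty"])


def hardened_total(form: dict) -> Decimal:
    """Ignores the client's 'cost' and prices the item from the catalogue."""
    item_id = form.get("id")
    if item_id not in CATALOGUE:
        raise ValueError("unknown item id")
    qty = int(form.get("qty", "0"))
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return CATALOGUE[item_id] * qty


def sign_hidden_field(item_id: str, cost: str) -> str:
    """HMAC tag the server emits next to a hidden field it must rely on later."""
    msg = f"{item_id}|{cost}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def hidden_field_intact(form: dict) -> bool:
    """True only if id and cost came back exactly as the server rendered them."""
    expected = sign_hidden_field(form.get("id", ""), form.get("cost", ""))
    return hmac.compare_digest(expected, form.get("sig", ""))


def apply_status(session_user: str, page_owner: str, status: str) -> str:
    """Example 3: allow-list the status value and authorise 'del' server-side."""
    if status not in ALLOWED_STATUS:
        raise ValueError("unexpected status value")
    if status == "del" and session_user != page_owner:
        raise PermissionError("only the page owner may delete it")
    return status
```

A rejected HMAC or an out-of-list status value is worth logging with the session id, since a legitimate browser never produces either.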
Now I have given you a basic idea of how data tampering works, so I may give you a tutorial next time.

Happy Hacking