Allowing External Setting Manipulation
From OWASP
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Description
The application allows attackers to control its settings. By manipulating those settings, an attacker can cause the application to behave in unexpected ways.
Examples
- The privileged system administrative functions are exposed.
- The application takes user-controllable data to update its settings.
- The application sets the debug mode based on a hidden field in the request.
- The application takes a serialized data object from the request to update its settings.
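The second and third examples above, shown as a weak handler next to a hardened one. This is an added illustration, not OWASP's code; the setting names, the function names and the sample request are all constructed for the example.

```python
# Added illustration: every name here is hypothetical, not from a real framework.
DEFAULTS = {
    "debug": False,
    "theme": "light",
    "page_size": 20,
    "admin_email": "ops@example.test",
}

# The only settings a request may change, each with a validator that
# returns the cleaned value or None when the input is unacceptable.
USER_EDITABLE = {
    "theme": lambda v: v if v in ("light", "dark") else None,
    "page_size": lambda v: int(v) if str(v).isdigit() and 1 <= int(v) <= 100 else None,
}


def apply_request_vulnerable(settings, form):
    """Weak pattern: every request field, hidden or not, overwrites a setting."""
    updated = dict(settings)
    updated.update(form)  # a 'debug' form field lands in the live settings
    return updated


def apply_request_hardened(settings, form):
    """Accept only allowlisted keys, validate each value, report the rest."""
    updated, rejected = dict(settings), []
    for key, raw in form.items():
        validator = USER_EDITABLE.get(key)
        value = validator(raw) if validator else None
        if value is None:
            rejected.append(key)  # worth logging: unexpected setting in a request
            continue
        updated[key] = value
    return updated, rejected


# Constructed sample request: two legitimate fields (one out of range) plus
# two fields the form was never meant to carry.
SAMPLE_FORM = {
    "theme": "dark",
    "page_size": "500",
    "debug": "true",
    "admin_email": "someone@example.test",
}

if __name__ == "__main__":
    print(apply_request_vulnerable(DEFAULTS, SAMPLE_FORM))
    print(apply_request_hardened(DEFAULTS, SAMPLE_FORM))
```

The rejected list returned by the hardened handler doubles as a detection signal: a request that names a setting outside the allowlist was not produced by the application's own form.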
Related Threats
Related Attacks
Related Vulnerabilities
Related Countermeasures
Categories
This article is a stub.

