Parameter Delimiter

asian foreplay movies hanggliding australia south african music composer mrchews asian beaver blackspider phishing asia pc cillin antivirus updates links page sydney australia apartments for rent automobile associaton map asian sea hawaii auto classifieds antivirus mcafee download comparatifs antivirus antivirus free download trial url the court system in australia map page asian london massage remove norton antivirus corporate asia business business guide guide india s antivirus for worms doug robb hoobastank asian african after american civil war revs check australia traditional african home autopipe software auto body shop in seattle asian festival columbus links dayton used auto loan africa casablanca morocco a prayer book for australia maps australia nsw asian student travel african women art academic dress australia centurion lake hotel south africa blacksonasians.+com australian badminton computer antivirus free eurasian automotive kim eng ong asia australian boy models link africa city garmin select south asian teen escort australia flight qantas

Last revision (mm/dd/yy): //

Description
This attack is based on the manipulation of parameter delimiters used by web application input vectors in order to cause unexpected behaviors like access control and authorization bypass and information disclosure, among others.

Risk Factors
TBD

Examples
In order to illustrate this vulnerability, we will use a vulnerability found on Poster V2, a posting system based on PHP programming language.

This application has a dangerous vulnerability that allows inserting data into user fields (username, password, email address and privileges) in âmem.phpâ file, which is responsible for managing the application user.

An example of the file âmem.phpâ, where user Jose has admin privileges and Alice user access:

<? Jose|12345678|jose@attack.com|admin| Alice|87654321|alice@attack.com|normal| ?>

When a user wants to edit his profile, he must use the "edit accountâ option in the âindex.phpâ page and enter his login information. However, using â|â as a parameter delimiter on email field followed by âadminâ, the user could elevate his privileges to administrator. Example:

Username: Alice Password: 87654321 Email: alice@attack.com |admin|

This information will be recorded in âmem.phpâ file like this:

Alice|87654321|alice@attack.com|admin|normal|

In this case, the last parameter delimiter considered is â|admin|â and the user could elevate his privileges by assigning administrator profile.

Although this vulnerability doesnât allow manipulation of other users' profiles, it allows privilege escalation for application users.

Related Threat Agents

 * Category: Authorization
 * Category: Command Execution

Related Attacks

 * Category:Injection Attack

Related Vulnerabilities

 * Category: Input Validation Vulnerability

Related Controls

 * Category: Input Validation