Manipulating User Permission Identifier

Revision as of 05:07, 30 October 2007 by Nsrav (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
This is an Attack. To view all attacks, please see the Attack Category page.


This attack focus on manipulation of user permission identifier in order to elevate his privileges on the application, resulting in unauthorized access, fraudulent transactions and application disrupt. The user permission identifier is normally tied or associated with a session ID, local cookies, hidden fields, among others.

To execute this attack, it is necessary to determine how the application manages user permission identifier, where/how/which information is stored and managed (client-side, server-side or both) and what data is used as part of identifier. Based on this, the attacker can forge his request using new values for session identifier and raise his permission on the application.


Assume that an application stores the authentication decision (auth=0/1) in an unencrypted cookie on client machine. An attacker can violate this information of user session and set “auth=1” in order to get illegitimate access and elevated his privilege in the application.

External References

Related Threats

Category: Authorization

Category: Information Disclosure

Related Attacks

Related Vulnerabilities

Category: Environmental Vulnerability

Related Countermeasures

Category:Access Control


Category: Resource Manipulation