Difference between revisions of "Setting Manipulation"

From OWASP
Jump to: navigation, search
Line 5: Line 5:
 
Attackers manipulate the settings of the system to cause the application to behave in unexpected ways.  
 
Attackers manipulate the settings of the system to cause the application to behave in unexpected ways.  
  
NOTE: The title was originally from [[CVE|http://www.cve.mitre.org/]] and was intended to be used for a vulnerability. We believe this title is more appropriate for an attack. The corresponding vulnerability is [[Allowing External Setting Manipulation]]
+
NOTE: The title was originally from [CVE http://www.cve.mitre.org/] and was intended to be used for a vulnerability. We believe this title is more appropriate for an attack. The corresponding vulnerability is [[Allowing External Setting Manipulation]]
  
 
==Examples ==
 
==Examples ==

Revision as of 12:06, 5 July 2006

This is an Attack. To view all attacks, please see the Attack Category page.


Description

Attackers manipulate the settings of the system to cause the application to behave in unexpected ways.

NOTE: The title was originally from [CVE http://www.cve.mitre.org/] and was intended to be used for a vulnerability. We believe this title is more appropriate for an attack. The corresponding vulnerability is Allowing External Setting Manipulation

Examples

  • An application takes a user-controllable parameter in the HTTP request to decide whether to turn on the debug mode.
  • The serialized object that stores the current system status can be overwritten by user input.

Related Threats

Related Attacks

Related Vulnerabilities

Allowing External Setting Manipulation

Related Countermeasures

Categories

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.