Setting Manipulation

From OWASP
Revision as of 12:06, 5 July 2006 by Weilin Zhong (Talk | contribs)

Jump to: navigation, search
This is an Attack. To view all attacks, please see the Attack Category page.


Description

Attackers manipulate the settings of the system to cause the application to behave in unexpected ways.

NOTE: The title was originally from http://www.cve.mitre.org/ and was intended to be used for a vulnerability. We believe this title is more appropriate for an attack. The corresponding vulnerability is Allowing External Setting Manipulation

Examples

  • An application takes a user-controllable parameter in the HTTP request to decide whether to turn on the debug mode.
  • The serialized object that stores the current system status can be overwritten by user input.

Related Threats

Related Attacks

Related Vulnerabilities

Allowing External Setting Manipulation

Related Countermeasures

Categories

This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.