Setting Manipulation

Revision as of 11:06, 5 July 2006 by Weilin Zhong (Talk | contribs)

Jump to: navigation, search
This is an Attack. To view all attacks, please see the Attack Category page.


Attackers manipulate the settings of the system to cause the application to behave in unexpected ways.

NOTE: The title was originally from and was intended to be used for a vulnerability. We believe this title is more appropriate for an attack. The corresponding vulnerability is Allowing External Setting Manipulation


  • An application takes a user-controllable parameter in the HTTP request to decide whether to turn on the debug mode.
  • The serialized object that stores the current system status can be overwritten by user input.

Related Threats

Related Attacks

Related Vulnerabilities

Allowing External Setting Manipulation

Related Countermeasures


This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.