This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Setting Manipulation"
From OWASP
Weilin Zhong (talk | contribs) |
Weilin Zhong (talk | contribs) |
||
| Line 5: | Line 5: | ||
Attackers manipulate the settings of the system to cause the application to behave in unexpected ways. | Attackers manipulate the settings of the system to cause the application to behave in unexpected ways. | ||
| − | NOTE: The title was originally from | + | NOTE: The title was originally from [CVE http://www.cve.mitre.org/] and was intended to be used for a vulnerability. We believe this title is more appropriate for an attack. The corresponding vulnerability is [[Allowing External Setting Manipulation]] |
==Examples == | ==Examples == | ||
Revision as of 17:06, 5 July 2006
- This is an Attack. To view all attacks, please see the Attack Category page.
Description
Attackers manipulate the settings of the system to cause the application to behave in unexpected ways.
NOTE: The title was originally from [CVE http://www.cve.mitre.org/] and was intended to be used for a vulnerability. We believe this title is more appropriate for an attack. The corresponding vulnerability is Allowing External Setting Manipulation
Examples
- An application takes a user-controllable parameter in the HTTP request to decide whether to turn on the debug mode.
- The serialized object that stores the current system status can be overwritten by user input.
Related Threats
Related Attacks
Related Vulnerabilities
Allowing External Setting Manipulation
Related Countermeasures
Categories
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
