• A web parameter tampering attack involves manipulation of parameters exchanged between client and server in order to modify application data such as user credentials and permissions, price, and quantity of products.
• A parameter tampering attack exploits vulnerabilities in integrity and logic validation mechanisms that may result in XSS, SQL injection, etc.
// Tampering with the URL parameters
http://www.example.com/cust.jsp?profile=21&debit=2500
http://www.example.com/cust.jsp?profile=21&debit=1500
// Other parameters can be changed including attribute parameters
http://www.example.com/stat.jsp?pg=531&status=view
http://www.example.com/stat.jsp?pg=146&status=delete
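
A server-side check against the URL edits shown above, as an added example that is not part of the original page: the server tags each query string it issues with an HMAC, rejects requests whose parameters no longer match the tag, and still checks the requested status against the caller's role. The key, the role table and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit

# Assumption: a server-side secret that is never sent to the client.
SECRET_KEY = b"constructed-demo-key"

# Assumption: which status values each role may request.
ALLOWED_STATUS = {"viewer": {"view"}, "admin": {"view", "delete"}}


def _tag(params: dict) -> str:
    """HMAC-SHA256 over the parameters in a fixed (sorted) order."""
    canonical = urlencode(sorted(params.items()))
    return hmac.new(SECRET_KEY, canonical.encode(), hashlib.sha256).hexdigest()


def sign_query(params: dict) -> str:
    """Build the query string the server hands out, with its integrity tag."""
    return urlencode(sorted(params.items())) + "&sig=" + _tag(params)


def verify_url(url: str) -> dict:
    """Return the parameters of an incoming URL, or raise ValueError if altered."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    keys = [k for k, _ in pairs]
    if len(keys) != len(set(keys)):
        # Repeated keys make "which value was signed" ambiguous; refuse them.
        raise ValueError("duplicate parameter")
    params = dict(pairs)
    sig = params.pop("sig", "")
    # Constant-time comparison on bytes, so odd input cannot raise TypeError.
    if not hmac.compare_digest(sig.encode(), _tag(params).encode()):
        raise ValueError("parameter integrity check failed")
    return params


def authorize_status(role: str, params: dict) -> bool:
    """Integrity is not authorization: the action must also fit the role."""
    return params.get("status") in ALLOWED_STATUS.get(role, set())
```

The tag only shows that the server issued these parameter values; values such as a price or debit amount are safer looked up server-side than accepted from the URL at all.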