42
Hidden Field Manipulation
:
eShoplifting
eShoplifting
Change
price in eCommerce site
Hidden
price parameter can be changed
Hard
to detect in logs compare price to original, use HTTP referer
Variations:
not limited to eShoplifting
Changing
hidden values can undermine application
Example:
SQL injections, CSS, remote command execution, overflow/DoS, session
hijacking, file read/write