Web application security - the fast guide Chapter 5: Attack Execution - the client | Page 16

Altering Hidden Fields

Attack requirement:
1. One or more parameters are passed as hidden fields.
2. The server does not check those parameters before using them.

Attack process:
1. Using a proxy, capture the request.
2. Alter the hidden field as required.
3. Release the altered request.

2017-05-10 Web Application Security Fast Guide (book slides) By Dr. Sami Khiami Slide 16
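
The second requirement on this slide, a server that uses hidden parameters without checking them, is the condition a defender can remove. The following is an added example, not taken from the book or its slides: it contrasts a handler that trusts a hidden price field with two that do not. The field names, catalogue, key and sample requests are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data (assumptions, not from the slides).
CATALOG = {"sku-100": 4999}        # price in cents, held by the server
SECRET_KEY = b"example-only-key"   # placeholder; load from a secret store in practice


def sign_fields(sku: str, price: int) -> str:
    """MAC computed when the form is rendered and sent as an extra hidden field."""
    msg = f"{sku}|{price}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def checked_qty(form: dict) -> int:
    """Quantity is client input too, so it is range-checked before use."""
    qty = int(form["qty"])
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    return qty


def checkout_vulnerable(form: dict) -> int:
    """Meets both requirements: a hidden 'price' is used without any check."""
    return int(form["price"]) * int(form["qty"])


def checkout_lookup(form: dict) -> int:
    """Hardened: ignore the client-supplied price and use the server's value."""
    if form["sku"] not in CATALOG:
        raise ValueError("unknown sku")
    return CATALOG[form["sku"]] * checked_qty(form)


def checkout_signed(form: dict) -> int:
    """Hardened: accept the hidden price only if its MAC still verifies."""
    expected = sign_fields(form["sku"], int(form["price"]))
    supplied = form.get("sig", "")
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        raise ValueError("hidden field was modified")
    return int(form["price"]) * checked_qty(form)


# Constructed requests: the form as rendered, and the same form with the
# hidden price changed between browser and server.
ORIGINAL = {"sku": "sku-100", "price": "4999", "qty": "1",
            "sig": sign_fields("sku-100", 4999)}
ALTERED = dict(ORIGINAL, price="1")
```

Server-side lookup is the simpler control when the server already holds the value; the signed field fits cases where state has to round-trip through the client.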