Web application security - the fast guide Chapter 5: Attack Execution - the client | Page 17
Hashed Hidden Fields
[Diagram: a hashed hidden field carrying the value 67fdg43098743mazxcd445. An attacker can either regenerate another valid value once the hashing algorithm is disclosed, OR, for an encrypted hidden field containing an account number, submit a value copied from another account.]
Attack requirements:
1. One or more parameters are passed as hidden fields.
2. The server does not validate those parameters before using them.
Attack process:
1. Using a proxy, capture the request.
2. Alter the hidden field as required.
3. Release the altered request.
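As an added defender-side example (not code from the book), this shows how a server can make a hidden field tamper-evident and session-bound with an HMAC, so that neither option in the diagram works: a disclosed algorithm does not let the client regenerate a valid tag, and a value copied from another account does not verify in this session. The field names, session ids and account numbers are constructed.

```python
import hmac
import hashlib
import secrets

# Constructed secret for the example; a real server loads it from a key store.
SERVER_KEY = secrets.token_bytes(32)

def sign_hidden_field(name: str, value: str, session_id: str) -> str:
    """Return "<value>.<tag>", where tag is an HMAC over the session id,
    field name and value. The tag depends on a server-side key, so knowing
    the algorithm is not enough to regenerate it, and it depends on the
    session id, so a field copied from another account's page fails here."""
    msg = f"{session_id}|{name}|{value}".encode()
    tag = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    return f"{value}.{tag}"

def verify_hidden_field(name: str, field: str, session_id: str):
    """Return the original value if the tag checks out, otherwise None.
    This is the server-side check whose absence is the second attack
    requirement on the slide."""
    value, sep, tag = field.rpartition(".")
    if not sep:
        return None
    msg = f"{session_id}|{name}|{value}".encode()
    expected = hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag cannot be guessed byte by byte.
    if not hmac.compare_digest(tag, expected):
        return None
    return value

def demo() -> dict:
    """Walk through the cases from the slide with constructed sessions."""
    field = sign_hidden_field("account", "1001", "session-A")
    # 1. Untampered field submitted in the same session: accepted.
    ok = verify_hidden_field("account", field, "session-A")
    # 2. Value altered in a proxy, tag left unchanged: rejected.
    tampered = "2002." + field.split(".", 1)[1]
    altered = verify_hidden_field("account", tampered, "session-A")
    # 3. Valid field copied from another account's session: rejected here.
    other = sign_hidden_field("account", "2002", "session-B")
    copied = verify_hidden_field("account", other, "session-A")
    return {"untampered": ok, "altered": altered, "copied": copied}

if __name__ == "__main__":
    print(demo())
```

The tag only proves the field was issued by this server for this session; the handler must still authorize the recovered value against the logged-in user.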
2017-05-10
Web Application Security Fast Guide (book slides)
By Dr. Sami Khiami
Slide 17