Parameter Tampering

From Glitchdata
Revision as of 06:47, 8 July 2022 by Jasonchen

Web application developers sometimes use hidden fields to save information about a client session or to submit hidden parameters, such as the language of the end user, to the underlying application. Because hidden form fields are not displayed in the browser, developers may feel safe passing unvalidated data in them (to be validated later). This practice is not safe: an attacker can intercept, modify and submit requests, and in doing so discover information or perform functions that the web developer never intended. The malicious modification of web application parameters is known as parameter tampering.
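The following is an added example, not part of the original page: a server-side handler that treats the two kinds of hidden field mentioned above (the end user's language and a session value) as untrusted input, checking one against an allow-list and the other against an HMAC tag. The field names `lang` and `session_ref`, the supported-language set and the sample requests are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs

SERVER_KEY = secrets.token_bytes(32)   # stays on the server, never sent to the client
ALLOWED_LANGS = {"en", "fr", "de"}     # assumed set of supported languages


def seal(value: str) -> str:
    """Value for a hidden field: the data plus an HMAC-SHA256 tag over it."""
    tag = hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{tag}"


def unseal(field: str):
    """Return the original value, or None if the field was altered in transit."""
    value, sep, tag = field.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SERVER_KEY, value.encode(), hashlib.sha256).hexdigest()
    # Compare as bytes: constant-time, and safe for non-ASCII input.
    ok = hmac.compare_digest(tag.encode(), expected.encode())
    return value if ok else None


def handle_post(body: str) -> dict:
    """Validate every hidden field on arrival instead of trusting it."""
    form = parse_qs(body, keep_blank_values=True)
    lang = form.get("lang", [""])[0]
    session_ref = unseal(form.get("session_ref", [""])[0])
    if lang not in ALLOWED_LANGS:
        return {"ok": False, "reason": "lang not in allow-list"}
    if session_ref is None:
        return {"ok": False, "reason": "session_ref failed integrity check"}
    return {"ok": True, "lang": lang, "session_ref": session_ref}


# Constructed sample requests: one as the form was rendered, two modified client-side.
sealed = seal("cart-1001")
untouched = f"lang=en&session_ref={sealed}"
bad_lang = f"lang=zz&session_ref={sealed}"
bad_ref = "lang=en&session_ref=" + sealed.replace("cart-1001", "cart-1002")

if __name__ == "__main__":
    for body in (untouched, bad_lang, bad_ref):
        print(handle_post(body))
```

The tag only shows that a value was issued by the server; the handler still has to check that the value belongs to the user making the request.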