Method Tampering
Overview

Method tampering can occur for several reasons. One is that developers sometimes fetch values using the "REQUEST" array. This allows the user to inject variables into either GET or POST and have the application process them. To cause parameter pollution, a user can send parameters via POST which the developer thinks should be passed via the URL. The user could also pass a variable using both GET and POST. The application can be tricked by the bogus parameters.

Discovery Methodology

Determine the parameters needed for a valid request. If the page submits requests via POST, change the method to GET and observe whether the request still works properly. Do the reverse for GET requests as well (change GET to POST).

Exploitation

Method tampering can help with filter bypass and make cross-site request forgery easier.

Videos

Determine HTTP Methods using Netcat
How to list HTTP Methods with CURL
How to list HTTP Methods with NMap
Introduction to Method Tampering
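
The "REQUEST" array issue from the Overview, shown as a merged lookup beside a handler that pins the method and the parameter source. This is an added example, not code from the application this page describes; the function names, the `amount` parameter and the sample requests are constructed, and the merged lookup assumes PHP's `request_order` of "GP".

```php
<?php
declare(strict_types=1);

// Weak pattern: one merged lookup, which is what $_REQUEST provides.
// Assumption: request_order "GP", so a POST value overrides a GET value.
function weak_param(array $get, array $post, string $name): ?string
{
    $request = $post + $get;
    $value = $request[$name] ?? null;
    return is_string($value) ? $value : null;
}

// Hardened pattern: pin the method and read the value from one source only.
// In a real handler the arguments would be $_SERVER['REQUEST_METHOD'], $_GET, $_POST.
function strict_post_param(string $method, array $get, array $post, string $name): string
{
    if ($method !== 'POST') {
        throw new RuntimeException('405: method not allowed');
    }
    if (array_key_exists($name, $get)) {
        throw new RuntimeException("400: '$name' also present in query string");
    }
    if (!isset($post[$name]) || !is_string($post[$name])) {
        throw new RuntimeException("400: '$name' missing or not a string");
    }
    return $post[$name];
}

// Constructed sample requests: [method, query-string params, body params].
$samples = [
    'normal POST'       => ['POST', [], ['amount' => '10']],
    'POST sent as GET'  => ['GET', ['amount' => '10'], []],
    'both GET and POST' => ['POST', ['amount' => '10'], ['amount' => '9999']],
];

foreach ($samples as $label => [$method, $get, $post]) {
    $weak = weak_param($get, $post, 'amount');
    try {
        $strict = strict_post_param($method, $get, $post, 'amount');
    } catch (RuntimeException $e) {
        $strict = 'rejected (' . $e->getMessage() . ')';
    }
    printf("%-18s weak=%s strict=%s\n", $label, var_export($weak, true), $strict);
}
```

The merged lookup returns a value for all three requests, while the strict handler accepts only the first, which is the behaviour the Discovery Methodology steps are checking for.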