
Parameter Manipulation Attack

An attempt to manipulate input so that it defeats the application's validation and filtering.

Because of PHP's weak typing and automatic type conversion, alternative representations of an input parameter can foil validation checks. For example, empty('000') is false, but '000' converts to 0 (zero) when used in a numeric context. If this attack is successful, it can lead to the ability to perform other attacks.

Exploited Vulnerability

Remedy

  • Use whitelist checking rather than blacklist checking.
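
The empty() check described above next to a whitelist version, as an added example that is not part of the original page. The function names, the 1 to 100 range and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Weak check: treats "not empty" as "a usable quantity".
function quantity_weak($raw): ?int
{
    if (empty($raw)) {
        return null;            // rejected
    }
    return (int) $raw;          // numeric context: '000' is converted to 0
}

// Whitelist check: accept only a canonical integer inside the allowed range.
function quantity_whitelist($raw): ?int
{
    if (!is_string($raw)) {
        return null;            // arrays (qty[]=1) and other types are rejected
    }
    $value = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 100]]);
    return $value === false ? null : $value;
}

// Constructed sample inputs: alternative representations of zero, plus one valid value.
$samples = ['0', '000', '0.0', ' 0', '+0', '7'];

foreach ($samples as $raw) {
    printf("%-7s weak=%-5s whitelist=%s\n",
        var_export($raw, true),
        var_export(quantity_weak($raw), true),
        var_export(quantity_whitelist($raw), true));
}
```

Only '0' is stopped by the empty() check; the other representations of zero pass it and still become 0 once cast, while the whitelist function accepts only the value that matches the allowed form and range.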

Additional Information

 
security/attack/parameter_manipulation.txt · Last modified: 2006/12/09 17:15
 