METHOD TAMPERING

WHAT IS METHOD TAMPERING?

Method tampering (aka verb tampering and HTTP method tampering) is an attack against authentication or authorization systems that have implicit "allow all" settings in their security configuration. This type of attack takes advantage of vulnerabilities in HTTP verb authentication (also known as HTTP method authentication) and access control mechanisms.

HTTP provides a list of methods that can be used to perform specific actions. In the list of HTTP methods, GET and POST are most commonly used by developers to access information provided by a web server. But HTTP also provides several other methods and many of these can pose a critical security risk for a web application, as they allow an attacker to modify the files stored on the web server, delete a web page on the server, and upload a web shell to the server, which can lead to the theft of user credentials.

BACK TO LISTING