Method Tampering


Overview

Method tampering can occur for several reasons. One is that developers sometimes fetch values from PHP's $_REQUEST array (or an equivalent "all parameters" collection in another framework). $_REQUEST merges the GET, POST and cookie values of a request, so a handler that reads from it never learns which HTTP method actually delivered a parameter; the user can inject a variable through either GET or POST and have the application process it. The same merge enables parameter pollution: a user can send via POST a parameter that the developer expects only in the URL, or pass the same variable through both GET and POST, and the merge order (in PHP, controlled by request_order and variables_order) silently decides which copy wins. The application can be tricked by the bogus parameters.

Discovery Methodology

Determine the parameters needed for a valid request. If the page submits requests via POST, resend the same parameters as a GET request (moved into the query string) and observe whether the request is still processed. Do the reverse for GET requests: move the query-string parameters into a form-encoded POST body. Also try supplying the same parameter through both methods with different values and note which one the application acts on.
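The following is an added example, not code from the original page. It models the $_REQUEST merge from the Overview and the method-flipping step from the Discovery Methodology entirely offline: a small raw-HTTP parser, a PHP-style merged parameter array, a transfer handler written against that array next to one that reads only the form body, and a helper that rewrites a captured POST as a GET (and back) so it can be replayed with a tool such as netcat. The host name, paths, parameter names and the request bytes are all constructed for the example, and the merge order assumed is PHP's default request_order "GP" (GET first, POST overrides).

```python
"""Method tampering and parameter pollution, modelled offline (added example)."""
from urllib.parse import parse_qsl, urlencode, urlsplit

FORM = "application/x-www-form-urlencoded"


def parse_request(raw: bytes) -> dict:
    """Parse a minimal raw HTTP/1.1 request into method, path, headers,
    query-string parameters and (form-encoded) body parameters."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, *header_lines = head.decode("latin-1").split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    is_form = headers.get("content-type", "").startswith(FORM)
    return {
        "method": method,
        "path": parts.path,
        "headers": headers,
        "query": dict(parse_qsl(parts.query, keep_blank_values=True)),
        "body": dict(parse_qsl(body.decode("latin-1"), keep_blank_values=True)) if is_form else {},
    }


def request_array(req: dict) -> dict:
    """Mimic PHP's $_REQUEST with request_order "GP" (assumption): GET values
    first, then POST values, so a POST copy overrides a GET copy of the same name."""
    merged = dict(req["query"])
    merged.update(req["body"])
    return merged


def vulnerable_transfer(req: dict):
    """Handler written against $_REQUEST. The form is meant to be POSTed, but any
    method that carries 'to' and 'amount' anywhere in the request is accepted."""
    params = request_array(req)
    if "to" not in params or "amount" not in params:
        return None
    return ("transfer", params["to"], int(params["amount"]))


def strict_transfer(req: dict):
    """Hardened handler: requires POST and reads the parameters only from the body."""
    if req["method"] != "POST":
        return None
    params = req["body"]
    if "to" not in params or "amount" not in params:
        return None
    return ("transfer", params["to"], int(params["amount"]))


def flip_method(raw: bytes) -> bytes:
    """Discovery step: rebuild a POST form request as a GET with the parameters in
    the query string, or a GET as a form-encoded POST. Output is ready to pipe to nc."""
    req = parse_request(raw)
    host = req["headers"].get("host", "localhost")
    if req["method"] == "POST":
        merged = {**req["query"], **req["body"]}
        target = req["path"] + ("?" + urlencode(merged) if merged else "")
        return f"GET {target} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
    body = urlencode(req["query"])
    return (
        f"POST {req['path']} HTTP/1.1\r\nHost: {host}\r\n"
        f"Content-Type: {FORM}\r\nContent-Length: {len(body)}\r\n\r\n{body}"
    ).encode()


# Constructed sample requests (not captured traffic).
LEGIT_POST = (
    b"POST /transfer HTTP/1.1\r\nHost: bank.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 19\r\n\r\n"
    b"to=alice&amount=100"
)
# Parameter pollution: the link the developer expects is /account?action=view,
# but a POST body to the same URL overrides 'action' in the merged array.
POLLUTED_POST = (
    b"POST /account?action=view HTTP/1.1\r\nHost: bank.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 13\r\n\r\n"
    b"action=delete"
)

if __name__ == "__main__":
    tampered = flip_method(LEGIT_POST)
    print(tampered.decode())
    print("vulnerable handler on GET:", vulnerable_transfer(parse_request(tampered)))
    print("strict handler on GET:    ", strict_transfer(parse_request(tampered)))
    print("merged 'action':", request_array(parse_request(POLLUTED_POST))["action"])
```

Running it shows the flipped GET being accepted by the $_REQUEST-style handler and rejected by the strict one, and the POST body winning over the query string for `action`. The strict handler is the fix the Overview implies: read each parameter from the one source the form was designed to use and reject the other method outright, rather than relying on a merged array.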

Exploitation

Method tampering can help bypass filters that only inspect one method (for example, an input check or WAF rule applied to the query string but not to the POST body), and it makes cross-site request forgery easier: if a state-changing action intended for POST is also accepted via GET, an attacker can trigger it with a plain link or image tag instead of a forged form.

Videos



Determine HTTP Methods using Netcat