Web application security - the fast guide 1.1 | Page 106
Chapter 5 - Attack Execution the client
C. Forward the altered request using the (action) button
5.17 Hashed hidden fields
[Figure 41: Attack using hashed hidden field value. The encrypted hidden field containing the account number (67fdg43098743mazxcd445) is either regenerated based on algorithm disclosure, OR copied from another account.]
Try to alter an encrypted value passed as a hidden field.
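Both paths in Figure 41 (regenerating the value once the algorithm is known, or copying it from another account) succeed against an unkeyed hash. The added example below, which is not from the book, contrasts that with a server-keyed HMAC bound to the session. The function names, SERVER_KEY and the sample session and account values are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Server-side secret, never sent to the client (constructed for this example).
SERVER_KEY = secrets.token_bytes(32)


def weak_token(account: str) -> str:
    """Unkeyed hash: anyone who learns the algorithm can recompute it."""
    return hashlib.sha256(account.encode()).hexdigest()


def weak_verify(account: str, token: str) -> bool:
    return hmac.compare_digest(weak_token(account), token)


def bound_token(session_id: str, account: str, key: bytes = SERVER_KEY) -> str:
    """HMAC over session id and account, keyed with a server-only secret."""
    # Length-prefix the session id so two different pairs never encode alike.
    msg = f"{len(session_id)}:{session_id}:{account}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def bound_verify(session_id: str, account: str, token: str) -> bool:
    return hmac.compare_digest(bound_token(session_id, account), token)


def demo() -> dict:
    # Constructed sample values: the client's own session and another account.
    own_sess, own_acct = "sess-A", "1000123"
    other_sess, other_acct = "sess-B", "1000999"
    results = {}
    # Weak scheme: a recomputed or copied value is the same string, so it passes.
    results["weak_forged"] = weak_verify(other_acct, weak_token(other_acct))
    # Path 1: value regenerated with the known algorithm but without the key.
    forged = bound_token(own_sess, other_acct, key=b"not-the-server-key")
    results["bound_regenerated"] = bound_verify(own_sess, other_acct, forged)
    # Path 2: a valid value issued to another session, replayed in this one.
    copied = bound_token(other_sess, other_acct)
    results["bound_copied"] = bound_verify(own_sess, other_acct, copied)
    # The value the server issued for this session and account still verifies.
    issued = bound_token(own_sess, own_acct)
    results["bound_legit"] = bound_verify(own_sess, own_acct, issued)
    return results


if __name__ == "__main__":
    print(demo())
```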
Attack requirement:
A. The ability to break the encryption function from a known encrypted
value, and to regenerate encrypted content using the same
function.
OR