[TYPO3-mvc] Can forms be easily manipulated?
Jan Kornblum
jan.kornblum at gmx.de
Fri Dec 12 13:47:38 CET 2014
Dear newsgroup,
is it easily possible for an attacker to manipulate a form by
submitting additionals fields which exist in the underlaying domain
model? Would theese field be persited into the database?
For example there is a form (newAction), containing the fields
"firstname" and "lastname". But the model contains additional fields
like "street", "zip", "city". What happens if an attacker now
manipulates the post-array by adding the field "street"?
Kind regards, Jan
More information about the TYPO3-project-typo3v4mvc
mailing list