Friday, April 23, 2010

URL Parameter Tampering


The best-known class of application attack is probably URL parameter tampering. Imagine that once http://x.com/login.pl has authenticated a user, it allocates that user a number (uid) that uniquely identifies them and passes it as a query parameter to account.pl:

GET http://x.com/account.pl?uid=10

But imagine that a malicious user decides to experiment and changes the uid parameter to 11. The adventurous user is now looking at a different user's account: account.pl checked that the request came from a logged-in session, but never checked that the session was entitled to account 10, let alone 11. This is the simplest form of the flaw now usually catalogued as an insecure direct object reference (IDOR). Although this is a simple example, the same mistake turns up, slightly better disguised (identifiers in hidden form fields, cookies or encoded values), in otherwise sophisticated systems, and those variants are just as easy to exploit.
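To make the flaw and its fix concrete, here is an added example (not code from the original post) that models account.pl as three Python handlers over an in-memory account table and session store. The data, the cookie names and the (status, body) return convention are constructed for this illustration; real sites would use a database and a web framework, but the authorization logic is the same.

```python
from urllib.parse import parse_qs, urlparse

# Constructed sample data for this example; not from the original post.
# Account number (uid) -> account record.
ACCOUNTS = {
    10: {"owner": "alice", "balance": 1250},
    11: {"owner": "bob", "balance": 980},
}
# Session cookie -> uid that login.pl bound to that session (assumed model).
SESSIONS = {"cookie-alice": 10, "cookie-bob": 11}


def uid_from_url(url):
    """Extract the uid query parameter; None if missing, repeated or non-numeric."""
    values = parse_qs(urlparse(url).query).get("uid", [])
    if len(values) != 1 or not values[0].isdigit():
        return None
    return int(values[0])


def account_vulnerable(url, session_cookie):
    """Vulnerable handler: checks the caller is logged in, then trusts the uid
    in the URL to choose the account. Returns (http_status, body)."""
    if session_cookie not in SESSIONS:
        return 401, None
    uid = uid_from_url(url)
    if uid is None:
        return 400, None
    if uid not in ACCOUNTS:
        return 404, None
    return 200, ACCOUNTS[uid]  # any logged-in user can read any account


def account_hardened(url, session_cookie):
    """Hardened handler: the uid in the URL must match the uid bound to the
    session on the server side; anything else is refused with 403."""
    if session_cookie not in SESSIONS:
        return 401, None
    uid = uid_from_url(url)
    if uid is None:
        return 400, None
    if uid != SESSIONS[session_cookie]:
        return 403, None  # the authorization check the vulnerable version lacks
    if uid not in ACCOUNTS:
        return 404, None
    return 200, ACCOUNTS[uid]


def account_from_session(session_cookie):
    """Simplest fix of all: do not accept a uid from the client. Derive it
    from the server-side session, so there is nothing to tamper with."""
    if session_cookie not in SESSIONS:
        return 401, None
    uid = SESSIONS[session_cookie]
    if uid not in ACCOUNTS:
        return 404, None
    return 200, ACCOUNTS[uid]


if __name__ == "__main__":
    # Bob, logged in as uid 11, changes the uid parameter to 10.
    tampered = "http://x.com/account.pl?uid=10"
    print("vulnerable:", account_vulnerable(tampered, "cookie-bob"))   # Alice's account
    print("hardened:  ", account_hardened(tampered, "cookie-bob"))     # (403, None)
    print("session:   ", account_from_session("cookie-bob"))           # Bob's own account
```

Note that replacing the sequential uid with a random or hashed identifier only raises the cost of guessing; it is not an authorization check, and the hardened handler is still needed.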