Modifying elements in the URL sent to a website in order to obtain unauthorized information. User queries are often passed to the database in the Web server by appending search arguments to the URL used to locate the site. By modifying the arguments (parameters) in the query, the malicious user can navigate the database and retrieve and/or modify its contents. See
XSS.