In a semantic URL attack, a client manually adjusts the parameters of its request by maintaining the URL's syntax but altering its semantic meaning.
Consider a web-based e-mail application where users can reset their password by answering the security question correctly, and allows the users to send the password to the e-mail address of their choosing.
After they answer the security question correctly, the web page will arrive to the following web form where the users can enter their alternative e-mail address: The receiving page, resetpassword.php, has all the information it needs to send the password to the new e-mail.
The user may decide to steal other people's (user002) e-mail address by visiting the following URL as an experiment: If the resetpassword.php accepts these values, it is vulnerable to a semantic URL attack.
One method of avoiding semantic URL attacks is by using session variables.