[Find Injection Entry Points] The attacker first takes an inventory of the entry points of the application.
[Determine the application's susceptibility to Flash injection] Determine the application's susceptibility to Flash injection. For each URL identified in the explore phase, the attacker attempts to use various techniques such as direct load asfunction, controlled evil page/host, Flash HTML injection, and DOM injection to determine whether the application is susceptible to Flash injection.
[Inject malicious content into target] Inject malicious content into target utilizing vulnerable injection vectors identified in the Experiment phase
Weakness Name | |
---|---|
Improper Input Validation The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
|
Incomplete List of Disallowed Inputs The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete. |
|
Incorrect Comparison The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. |
Name | Organization | Date | Date Release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation |
Name | Organization | Date | Comment |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | Updated Related_Attack_Patterns | |
CAPEC Content Team | The MITRE Corporation | Updated Resources_Required | |
CAPEC Content Team | The MITRE Corporation | Updated Attacker_Skills_or_Knowledge_Required | |
CAPEC Content Team | The MITRE Corporation | Updated Consequences | |
CAPEC Content Team | The MITRE Corporation | Updated Example_Instances |