[Survey the application for user-controllable inputs] Using a browser, an automated tool or by inspecting the application, an adversary records all entry points to the application.
[Probe entry points to locate vulnerabilities] The adversary uses the entry points gathered in the "Explore" phase as a target list and injects various leading 'Ghost' character sequences to determine how to application filters them.
[Bypass input filtering] Using what the adversary learned about how the application filters input data, they craft specific input data that bypasses the filter. This can lead to directory traversal attacks, arbitrary shell command execution, corruption of files, etc.
Weakness Name | |
---|---|
Improper Handling of Alternate Encoding The product does not properly handle when an input uses an alternate encoding that is valid for the control sphere to which the input is being sent. |
|
Improper Resolution of Path Equivalence The product is vulnerable to file system contents disclosure through path equivalence. Path equivalence involves the use of special characters in file and directory names. The associated manipulations are intended to generate multiple names for the same object. |
|
Encoding Error The product does not properly encode or decode the data, resulting in unexpected values. |
|
Incorrect Behavior Order: Early Validation The product validates input before applying protection mechanisms that modify the input, which could allow an attacker to bypass the validation via dangerous inputs that only arise after the modification. |
|
Incorrect Behavior Order: Validate Before Canonicalize The product validates input before it is canonicalized, which prevents the product from detecting data that becomes invalid after the canonicalization step. |
|
Incorrect Behavior Order: Validate Before Filter The product validates data before it has been filtered, which prevents the product from detecting data that becomes invalid after the filtering step. |
|
Permissive List of Allowed Inputs The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses. |
|
Incomplete List of Disallowed Inputs The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete. |
|
Improper Input Validation The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
|
Incorrect Comparison The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. |
|
Improper Neutralization The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component. |
Name | Organization | Date | Date Release |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation |
Name | Organization | Date | Comment |
---|---|---|---|
CAPEC Content Team | The MITRE Corporation | Updated Attack_Phases | |
CAPEC Content Team | The MITRE Corporation | Updated Attack_Phases | |
CAPEC Content Team | The MITRE Corporation | Updated Attack_Phases | |
CAPEC Content Team | The MITRE Corporation | Updated Attack_Phases | |
CAPEC Content Team | The MITRE Corporation | Updated Attack_Phases, Description Summary, Payload | |
CAPEC Content Team | The MITRE Corporation | Updated Attack_Phases, Attacker_Skills_or_Knowledge_Required | |
CAPEC Content Team | The MITRE Corporation | Updated Mitigations | |
CAPEC Content Team | The MITRE Corporation | Updated Related_Weaknesses | |
CAPEC Content Team | The MITRE Corporation | Updated Execution_Flow | |
CAPEC Content Team | The MITRE Corporation | Updated Example_Instances |