CAPEC-472
Avviso per un CAPEC specifico
Rimani informato su qualsiasi modifica relativa a un CAPEC specifico.
Descrizioni CAPEC
An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
Informazioni CAPEC
Prerequisiti
Victim's browser visits a website that contains attacker's Java ScriptJava Script is not disabled in the victim's browserMitigazioni
Configuration: Disable Java Script in the browserVulnerabilità correlate
| Nome della vulnerabilità | |
|---|---|
CWE-200 |
Exposure of Sensitive Information to an Unauthorized Actor The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
Riferimenti
REF-410
Detecting browsers javascript hacksGareth Heyes.
http://www.thespanner.co.uk/2009/01/29/detecting-browsers-javascript-hacks/
Invio
| Nome | Organizzazione | Data | Data di rilascio |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifiche
| Nome | Organizzazione | Data | Commento |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Example_Instances |
