CAPEC-197: Exponential Data Expansion
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
An adversary submits data to a target application which contains nested exponential data expansion to produce excessively large output. Many data format languages allow the definition of macro-like structures that can be used to simplify the creation of complex structures. However, this capability can be abused to create excessive demands on a processor's CPU and memory. A small number of nested expansions can result in an exponential growth in demands on memory.
Execution Flow
Step 1: Explore
[Survey the target] An adversary determines the input data stream that is being processed by a data parser that supports substitution on the victim's side.
- Use an automated tool to record all instances of URLs to process requests.
- Use a browser to manually explore the website and analyze how the application processes requests.
Step 2: Experiment
[Craft malicious payload] The adversary crafts a malicious message containing nested exponential expansion that completely uses up available server resources. See the "Example Instances" section for details on how to craft this malicious payload.
Step 3: Exploit
[Send the message] Send the malicious crafted message to the target URL.
Prerequisites
- This type of attack requires that the target receive input but either fail to provide an upper limit for entity expansion, or provide a limit so large that it does not preclude significant resource consumption.
Skills Required
Resources Required
- None: No specialized resources are required to execute this type of attack.
Consequences
Scope: Availability
Technical Impact: Unreliable Execution
Note: Denial of Service
Mitigations
Design: Use libraries and templates that minimize unfiltered input. Use methods that limit entity expansion and throw exceptions on attempted entity expansion.
Implementation: For XML-based data, disable the use of inline DTD schemas altogether when parsing XML objects. If a DTD must be used, normalize, filter, and allowlist it, and parse with methods and routines that detect entity expansion from untrusted sources.
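The two mitigations above (refuse inline DTDs, or bound entity expansion and throw on attempts to exceed the bound) can be implemented on top of any event-driven XML parser. The following is an added example, not code from the CAPEC entry, written against Python's standard-library expat binding. The class and function names (BoundedXMLReader, read_bounded, expansion_is_refused) and the constants NESTED_DOC and PLAIN_DOC are this example's own; the three-level test vector is constructed here to exercise the check and is kept tiny on purpose. The reader computes how large each declared entity would become from its unexpanded replacement text while the DTD is still being read, so an oversized expansion is refused before any output is ever produced.

```python
# Added example, not part of the CAPEC entry: an expat-based XML reader that
# enforces an explicit entity-expansion budget at DTD-declaration time.
import re
import xml.parsers.expat

# General entity references inside a replacement text, e.g. "&a;".
ENTITY_REF = re.compile(r"&([A-Za-z_][\w.:-]*);")


class EntityExpansionError(ValueError):
    """Raised when a DTD is refused by policy or exceeds the expansion budget."""


class BoundedXMLReader:
    """Parse one XML document, bounding the size any declared entity may expand to.

    Sizes are derived from the *unexpanded* replacement texts as <!ENTITY>
    declarations arrive, so the cost is proportional to the number of
    declarations, not to the expanded output, which is never materialised.
    """

    def __init__(self, max_expansion=10_000, allow_dtd=True):
        self.max_expansion = max_expansion
        self.allow_dtd = allow_dtd
        self.entities = {}    # entity name -> replacement text as declared
        self.elements = []    # element names in document order
        self._text = []

    def parse(self, xml_bytes):
        parser = xml.parsers.expat.ParserCreate()
        parser.StartDoctypeDeclHandler = self._on_doctype
        parser.EntityDeclHandler = self._on_entity_decl
        parser.StartElementHandler = lambda name, attrs: self.elements.append(name)
        parser.CharacterDataHandler = self._text.append
        parser.Parse(xml_bytes, True)    # exceptions raised in handlers propagate
        return "".join(self._text)

    def _on_doctype(self, name, sysid, pubid, has_internal_subset):
        # Strictest policy from the mitigations: no inline DTD at all.
        if not self.allow_dtd:
            raise EntityExpansionError("inline DTD refused by policy")

    def _on_entity_decl(self, name, is_param, value, base, sysid, pubid, notation):
        if value is None:
            # External entity (SYSTEM/PUBLIC id): nothing to size, refuse it.
            raise EntityExpansionError(f"external entity {name!r} refused")
        self.entities[name] = value
        # Re-check every entity declared so far: a forward reference that was
        # unresolved earlier may have just become resolvable.
        for declared in self.entities:
            size = self._expanded_size(declared, ())
            if size > self.max_expansion:
                raise EntityExpansionError(
                    f"entity {declared!r} would expand to {size} chars; "
                    f"budget is {self.max_expansion}")

    def _expanded_size(self, name, chain):
        """Characters produced by fully expanding entity `name`."""
        if name in chain:
            raise EntityExpansionError(f"recursive entity {name!r}")
        value = self.entities.get(name)
        if value is None:
            return 0    # not declared yet; expat rejects an undefined reference on use
        size = len(value)
        for ref in ENTITY_REF.finditer(value):
            size -= len(ref.group(0))                                   # drop the "&x;" literal
            size += self._expanded_size(ref.group(1), chain + (name,))  # add its expansion
        return size


def read_bounded(xml_bytes, max_expansion=10_000, allow_dtd=True):
    """Return the character data of `xml_bytes`, or raise EntityExpansionError."""
    return BoundedXMLReader(max_expansion, allow_dtd).parse(xml_bytes)


def expansion_is_refused(xml_bytes, max_expansion=10_000, allow_dtd=True):
    """True if the policy rejects the document instead of parsing it."""
    try:
        read_bounded(xml_bytes, max_expansion, allow_dtd)
    except EntityExpansionError:
        return True
    return False


# Constructed test vector: three nesting levels, each tripling the previous one
# (a expands to 2 chars, b to 6, c to 18), so the budget check can be observed
# without producing anything large.
NESTED_DOC = b"""<?xml version="1.0"?>
<!DOCTYPE note [
  <!ENTITY a "ha">
  <!ENTITY b "&a;&a;&a;">
  <!ENTITY c "&b;&b;&b;">
]>
<note>&c;</note>"""

PLAIN_DOC = b"<note>hello</note>"

if __name__ == "__main__":
    print(read_bounded(NESTED_DOC))                            # 18 chars, within budget
    print(expansion_is_refused(NESTED_DOC, max_expansion=10))  # True: c needs 18
    print(expansion_is_refused(NESTED_DOC, allow_dtd=False))   # True: DTDs disallowed
    print(read_bounded(PLAIN_DOC))                             # hello
```

Setting allow_dtd=False is the Implementation mitigation in its strict form and is the right default for services that never expect a DOCTYPE. Where a DTD is genuinely required, the budget path implements the Design mitigation: the expansion size is bounded and the parser throws rather than expands. Newer libexpat releases also carry a built-in amplification limit, but it only engages once the output is already large, so an application-level budget like this one is still worth enforcing.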
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name |
|---|---|---|
| WASC | 44 | XML Entity Expansion |