CAPEC-201: Serialized Data External Linking

Detailed Draft Severity: High Likelihood of Attack: High

CAPEC Version: 3.9

Last Updated: 2023-01-24

Attack Pattern Description

An adversary creates a serialized data file (e.g. XML or YAML) that contains an external data reference. Because serialized data parsers may not validate documents with external references, there may be no checks on the nature of the reference in the external data. This can allow an adversary to open arbitrary files or connections, which may in turn give the adversary access to information on the system that they would normally be unable to obtain.

Execution Flow

Step 1 Explore

[Survey the target] Using a browser or an automated tool, an adversary records all instances of web services that process requests with serialized data.

Techniques:
  • Use an automated tool to record all instances of URLs that process requests with serialized data.
  • Use a browser to manually explore the website and analyze how the application processes serialized data requests.

Step 2 Exploit

[Craft malicious payload] The adversary crafts a malicious data message that contains references to sensitive files.

Step 3 Exploit

[Launch an External Linking attack] The adversary sends the maliciously crafted message, containing the reference to a sensitive file, to the target URL.

Prerequisites

  • The target must follow external data references without validating the reference target.

Skills Required

Low: To send serialized data messages with a maliciously crafted schema.

Resources Required

  • None: No specialized resources are required to execute this type of attack.

Consequences

Scope: Confidentiality

Technical Impact: Read Data

Mitigations

Configure the serialized data processor to only retrieve external entities from trusted sources.
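
One way to enforce this mitigation for XML before a document reaches the real parser, shown as an added example that is not part of the CAPEC entry: Python's standard-library expat bindings list every external reference a document declares, and each one is checked against an allowlist. The host in `TRUSTED_HOSTS`, the function names and the sample documents are assumptions constructed for illustration.

```python
import xml.parsers.expat
from urllib.parse import urlsplit

# Assumption: hypothetical allowlist of hosts trusted to serve external entities.
TRUSTED_HOSTS = {"schemas.example.internal"}


def is_trusted(system_id):
    """Trusted means an https URL on an allowlisted host; file:, http: and
    relative references all fail this check."""
    parts = urlsplit(system_id)
    return parts.scheme == "https" and parts.hostname in TRUSTED_HOSTS


def audit_external_refs(document):
    """Return (allowed, rejected) system identifiers declared by the document.

    No ExternalEntityRefHandler is installed, so expat skips external
    entities instead of resolving them: nothing is opened or fetched here.
    """
    allowed, rejected = [], []

    def record(system_id):
        (allowed if is_trusted(system_id) else rejected).append(system_id)

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None:  # external DTD subset
            record(system_id)

    def on_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        if system_id is not None:  # external entity; internal ones carry `value`
            record(system_id)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.Parse(document, True)
    return allowed, rejected


def accept(document):
    """Gate for the real parser: pass only if every reference is trusted."""
    return not audit_external_refs(document)[1]


# Constructed sample documents (not taken from the CAPEC entry).
LOCAL_FILE_REF = (b'<!DOCTYPE order [<!ENTITY note SYSTEM '
                  b'"file:///constructed/placeholder.txt">]><order>&note;</order>')
TRUSTED_REF = (b'<!DOCTYPE order [<!ENTITY terms SYSTEM '
               b'"https://schemas.example.internal/terms.xml">]><order>&terms;</order>')
```

The gate only reports what a document declares; the production parser still needs its own entity resolver restricted to the same allowlist.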

Key Information

CAPEC ID: CAPEC-201

Abstraction: Detailed

Status: Draft

Typical Severity: High

Likelihood of Attack: High

Related Attack Patterns
Related Weaknesses (CWE)