CAPEC-240: Resource Injection
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary exploits weaknesses in input validation by manipulating resource identifiers enabling the unintended modification or specification of a resource.
前提条件
- The target application allows the user to both specify the identifier used to access a system resource. Through this permission, the user gains the capability to perform actions on that resource (e.g., overwrite the file)
后果影响
影响范围: Confidentiality
技术影响: Read Data
影响范围: Integrity
技术影响: Modify Data
缓解措施
Ensure all input content that is delivered to client is sanitized against an acceptable content specification.
Perform input validation for all content.
Enforce regular patching of software.
分类映射
| 分类名称 | 条目ID | 条目名称 |
|---|---|---|
| OWASP Attacks | - | Resource Injection |