CAPEC-58: Restful Privilege Elevation
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
An adversary identifies a REST-style HTTP (GET, PUT, DELETE) permission method that allows them to perform various malicious actions on server data, because the application service accepting the HTTP messages lacks access control mechanisms.
Prerequisites
- The attacker needs to be able to identify HTTP GET URLs. The GET methods must be wired to application code that performs operations other than retrieval, such as update and delete.
Skills Required
Consequences
Scope: Integrity
Technical Impact: Modify Data
Scope: Confidentiality, Access Control, Authorization
Technical Impact: Gain Privileges
Mitigations
Design: Enforce the principle of least privilege
Implementation: Ensure that HTTP GET methods only retrieve state and do not alter state on the server side
Implementation: Ensure that HTTP methods have proper ACLs based on the functionality they expose
Example Instances
The HTTP GET method is designed to retrieve resources, not to alter the state of the application or of resources on the server side. However, developers can easily write programs that accept an HTTP GET request and do in fact create, update or delete data on the server. Both Flickr (http://www.flickr.com/services/api/flickr.photosets.delete.html) and del.icio.us (http://del.icio.us/api/posts/delete) have implemented delete operations using standard HTTP GET requests. These GET methods do delete data on the server side, despite being invoked via GET, which is not supposed to alter state.
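The following is an added example, not CAPEC's or Flickr's code, showing the weakness from the example above beside the two implementation mitigations: a constructed in-memory "photoset" API in which handle_weak deletes on a GET URL with no ACL, while handle_hardened keeps GET read-only and gates DELETE on an owner check. All names (photosets, ps1/ps2, alice/bob) are constructed.

```python
from urllib.parse import parse_qs, urlsplit


def new_store():
    """Constructed sample data: photoset id -> owning user."""
    return {"ps1": "alice", "ps2": "bob"}


def handle_weak(store, method, url, user=None):
    """Vulnerable pattern from the CAPEC text: a GET URL that deletes.
    No ACL is consulted, so any client that can cause this URL to be
    fetched removes the photoset. Returns (status, body)."""
    parts = urlsplit(url)
    if method == "GET" and parts.path == "/photosets/delete":
        ps_id = parse_qs(parts.query).get("id", [""])[0]
        store.pop(ps_id, None)          # state change on a "safe" method
        return 200, f"deleted {ps_id}"
    return 404, "not found"


def handle_hardened(store, method, url, user=None):
    """Mitigated: GET only reads; deletion needs DELETE plus an owner ACL."""
    segs = urlsplit(url).path.strip("/").split("/")
    if len(segs) != 2 or segs[0] != "photosets":
        return 404, "not found"
    ps_id = segs[1]
    if method == "GET":                 # safe method: never alters state
        return (200, store[ps_id]) if ps_id in store else (404, "not found")
    if method == "DELETE":
        if user is None:
            return 401, "authentication required"
        if store.get(ps_id) != user:    # least privilege: only the owner
            return 403, "forbidden"
        del store[ps_id]
        return 204, ""
    return 405, "method not allowed"
```

Running the same delete URL through handle_hardened shows it is treated as a read of a non-existent resource and the store is left untouched.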