CAPEC-77: Manipulating User-Controlled Variables

Standard Draft Severity: Very High Likelihood of Attack: High

CAPEC Version: 3.9

Updated: 2023-01-24

Attack Pattern Description

This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An adversary can override variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.

Execution Flow

Step 1 Explore

[Probe target application] The adversary first probes the target application to determine important information about the target. This information could include the types of software used, software versions, what user input the application consumes, and so on.

Step 2 Experiment

[Find user-controlled variables] Using the information found by probing the application, the adversary attempts to manipulate many user-controlled variables and observes the effects on the application. If the adversary notices any significant changes to the application, they will know that a certain variable is useful to the application.

Techniques:
  • Adversaries will try to alter many common variable names such as "count", "tempFile", "i", etc. The hope is that they can alter the flow of the application without knowing the inner workings.
  • Adversaries will try to alter known environment variables.

Step 3 Exploit

[Manipulate user-controlled variables] Once the adversary has found a user-controlled variable (or variables) that is important to the application, they will manipulate it to change the normal behavior in a way that benefits the adversary.

Prerequisites

  • A variable consumed by the application server is exposed to the client.
  • A variable consumed by the application server can be overwritten by the user.
  • The application server trusts user-supplied data to compute business logic.
  • The application server does not perform proper input validation.

Skills Required

Low: The malicious user can easily try some well-known global variables and find one which matches.
Medium: The adversary can use automated tools to probe for variables that they can control.

Consequences

Scope: Integrity

Technical Impact: Modify Data

Scope: Confidentiality Integrity Availability

Technical Impact: Execute Unauthorized Commands

Note: Run Arbitrary Code

Scope: Confidentiality

Technical Impact: Read Data

Scope: Confidentiality Access Control Authorization

Technical Impact: Gain Privileges

Mitigations

A software system should be reluctant to trust variables that have been initialized outside of its trust boundary. Ensure adequate checking is performed when relying on input from outside a trust boundary.

Separate the presentation layer and the business logic layer. Variables at the business logic layer should not be exposed at the presentation layer. This is to prevent computation of business logic from user-controlled input data.

Use encapsulation when declaring your variables. This is to lower the exposure of your variables.

Assume all input is malicious. Create an allowlist that defines all valid input to the software system based on the requirements specifications. Input that does not match against the allowlist should be rejected by the program.
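
The allowlist mitigation beside the override it prevents, as an added example that is not part of the CAPEC entry. It is written in Python rather than PHP; the variable names (debug, is_admin, page_size), the function names and the sample query strings are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs

# Server-side defaults: business-logic variables that must never come from the client.
DEFAULTS = {"debug": False, "is_admin": False, "page_size": 20}


def _page_size(raw):
    """Validator for the one client-settable parameter: ASCII digits, 1..100."""
    if not raw.isascii() or not raw.isdigit():
        raise ValueError("page_size must be decimal digits")
    value = int(raw)
    if not 1 <= value <= 100:
        raise ValueError("page_size out of range")
    return value


# Allowlist: the only parameters a client may supply, each with a strict validator.
ALLOWED = {"page_size": _page_size}


def build_context_unsafe(query):
    """Anti-pattern: every query variable overwrites the matching internal variable."""
    ctx = dict(DEFAULTS)
    for name, values in parse_qs(query).items():
        ctx[name] = values[-1]
    return ctx


def build_context(query):
    """Hardened: reject input not on the allowlist; internal variables keep server values."""
    ctx = dict(DEFAULTS)
    params = parse_qs(query, keep_blank_values=True)
    unknown = sorted(set(params) - set(ALLOWED))
    if unknown:
        raise ValueError(f"unexpected parameter(s): {unknown}")
    for name, values in params.items():
        if len(values) != 1:
            raise ValueError(f"duplicate parameter: {name}")
        ctx[name] = ALLOWED[name](values[0])
    return ctx


if __name__ == "__main__":
    sample = "page_size=50&debug=1&is_admin=1"  # constructed request
    print("unsafe:", build_context_unsafe(sample))
    try:
        build_context(sample)
    except ValueError as exc:
        print("rejected:", exc)
    print("safe:", build_context("page_size=50"))
```

Rejecting unknown names outright, rather than silently dropping them, also gives the application a log event when a client sends variables such as debug or is_admin.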

Example Instances

See also: File upload allows arbitrary file read by setting hidden form variables to match internal variable names (CVE-2000-0860)

Key Information

CAPEC ID: CAPEC-77

Abstraction: Standard

Status: Draft

Typical Severity: Very High

Likelihood of Attack: High

Related Attack Patterns