An attack of this type involves an attacker inserting malicious characters
(such as an XSS redirection) into a filename, directly or indirectly, that is
then used by the target software to generate HTML text or other potentially
executable content. Many websites rely on user-generated content and
dynamically build resources like files, filenames, and URL links directly
from user-supplied data. In this attack pattern, the attacker uploads code
that can execute in the client browser and/or redirect the client browser to
a site that the attacker owns. All XSS attack payload variants can be used
to pass and exploit these vulnerabilities.
Attack Prerequisites
The victim must trust the name and locale of user-controlled filenames.
Typical Likelihood of Exploit
Likelihood: High
Methods of Attack
Modification of Resources
Examples-Instances
Description
Phishing attacks rely on a user clicking on links that are supplied
to them by attackers masquerading as a trusted resource such as a bank
or online auction site. The end user's email client hosts the supplied
resource name, in this case via email. The resource name, however, may
either 1) direct the client browser to a malicious site to steal
credentials and/or 2) execute code on the client machine to probe the
victim's host system and network environment.
Attacker Skills or Knowledge Required
Skill or Knowledge Level: Low
To achieve a redirection and use of a less trusted source, an attacker
can simply edit the data that the host uses to build the filename.
Skill or Knowledge Level: Medium
Deploying a malicious look-alike site (such as a site masquerading
as a bank or online auction site) that the user enters their
authentication data into.
Skill or Knowledge Level: High
Exploiting a client-side vulnerability to inject malicious scripts
into the browser's executable process.
Solutions and Mitigations
Design: Use browser technologies that do not allow client-side scripting.
Implementation: Ensure all content that is delivered to the client is
sanitized against an acceptable content specification.
Implementation: Perform input validation for all remote content.
Implementation: Perform output validation for all remote content.
Implementation: Disable scripting languages such as JavaScript in the
browser.
Implementation: Scan dynamically generated content against a validation
specification.
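The two implementation mitigations that matter most on the server side are input validation of the filename and output encoding wherever the filename is written into HTML. The following added example (not part of the original entry) shows a file-listing renderer that interpolates user-controlled filenames straight into HTML beside a hardened version that first checks the name against an allowlist and then HTML-encodes it on output. The filenames, the allowlist pattern and the "/files/" path are constructed for illustration.

```python
import html
import re

# Constructed sample filenames: one benign, one carrying the HTML
# metacharacters (quote, angle brackets) that the attack pattern relies on.
SAMPLE_FILENAMES = [
    "quarterly-report.pdf",
    'notes"<b>.txt',
]

# Assumed allowlist: letters, digits, dot, dash, underscore only, so neither
# markup characters nor path separators can pass. Adjust to your own policy.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def render_listing_unsafe(filenames):
    """Vulnerable pattern: the user-controlled name is written into the page
    unchanged, so any markup inside it becomes part of the delivered HTML."""
    items = "".join(f'<li><a href="/files/{n}">{n}</a></li>' for n in filenames)
    return f"<ul>{items}</ul>"


def validate_filename(name):
    """Input validation: accept only names that match the allowlist."""
    return bool(SAFE_NAME.match(name))


def encode_for_html(name):
    """Output encoding: neutralise <, >, &, and both quote characters so the
    name can be placed in element text or inside a quoted attribute."""
    return html.escape(name, quote=True)


def render_listing_safe(filenames):
    """Hardened pattern: validate each name on input and encode it on output.
    Rejected names are replaced by a fixed placeholder rather than echoed."""
    items = []
    for n in filenames:
        if not validate_filename(n):
            items.append("<li>(rejected filename)</li>")
            continue
        enc = encode_for_html(n)  # encode even valid names: defence in depth
        items.append(f'<li><a href="/files/{enc}">{enc}</a></li>')
    return "<ul>" + "".join(items) + "</ul>"


if __name__ == "__main__":
    print("unsafe:", render_listing_unsafe(SAMPLE_FILENAMES))
    print("safe:  ", render_listing_safe(SAMPLE_FILENAMES))
```

Validation and encoding are kept as separate steps on purpose: the allowlist stops hostile names at the boundary, while the encoder protects the page even if a later code change loosens the allowlist or a name reaches the renderer by another route.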
Attack Motivation-Consequences
Scope                                          Technical Impact                       Note
Confidentiality, Access_Control, Authorization Gain privileges / assume identity
Confidentiality, Integrity, Availability       Execute unauthorized code or commands
Availability                                   Alter execution logic
Confidentiality                                Read application data
Injection Vector
Payload delivered through a user-controlled filename.
Payload
Command(s) executed directly on host
Activation Zone
Client machine and client network
Payload Activation Impact
Description
Enables the attacker to execute server-side code with any commands that the
program owner has privileges to run.