| Nature | Type | ID | Name |
|---|---|---|---|
| ChildOf | S | 150 | Collect Data from Common Resource Locations |
| CanFollow | D | 149 | Explore for Predictable Temporary File Names |
Look for temporary files in target application
An adversary will try to discover temporary files in a target application. Knowledge of where the temporary files are being stored is important information.
Attempt to read temporary files
An adversary will attempt to read any temporary files they may have discovered through normal means.
| Technique |
|---|
| Attempt to get the file by querying the file path to a web server |
| Using a remote shell into an application, read temporary files and send out information remotely if necessary |
| Recover temporary information from a user's browser cache |
Use function weaknesses to gain access to temporary files
If normal means to read temporary files did not work, an adversary will attempt to exploit weak temporary file functions to gain access to temporary files.
| Technique |
|---|
| Some C functions such as tmpnam(), tempnam(), and mktemp() will create a temporary file with a unique name, but do not stop an adversary from creating a file of the same name before it is opened by the application. Because these functions do not create file names that are sufficiently random, an adversary will try to make a file of the same name, causing a collision, and possibly altering file permissions for the temporary file so that it can be read. |
| Similar to the last technique, an adversary might also create a file name collision using a linked file on a Unix system, such that the temporary file contents written out by the application are written to a file of the adversary's choosing, allowing them to read the file contents. |
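
The name-collision and linked-file weaknesses described in the two techniques above, seen from the defender's side. This is an added example, not part of the original entry: it contrasts a non-exclusive open of a predictable name with `O_CREAT | O_EXCL` and `mkstemp()`. The function names, the `/tmp` scratch directory and the file name `app.tmp` are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: a name chosen earlier (e.g. by mktemp()) is opened without
 * O_EXCL, so an existing file or symlink at that name is silently reused. */
int open_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
}

/* Hardened open: O_CREAT|O_EXCL fails with EEXIST if anything, including a
 * symlink, already occupies the name; mode 0600 keeps other users out. */
int open_exclusive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() picks the name and opens it exclusively in one step.
 * Returns 1 if the result is a regular file with no group/other access. */
int private_temp_ok(char *tmpl) {
    struct stat st;
    int fd = mkstemp(tmpl);
    if (fd < 0) return 0;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 077) == 0;
    close(fd); unlink(tmpl);
    return ok;
}

/* Constructed scenario in a private scratch directory: a symlink already sits
 * at the predictable name "app.tmp". Result bits: 1 = weak open wrote through
 * the link, 2 = exclusive open refused it, 4 = mkstemp() file is private. */
int collision_demo(void) {
    char dir[] = "/tmp/tmpdemoXXXXXX", planted[64], target[64], tmpl[64];
    struct stat st; int result = 0, fd;
    if (!mkdtemp(dir)) return -1;
    snprintf(planted, sizeof planted, "%s/app.tmp", dir);
    snprintf(target, sizeof target, "%s/elsewhere", dir);
    snprintf(tmpl, sizeof tmpl, "%s/appXXXXXX", dir);
    if (symlink(target, planted) != 0) return -1;
    if (open_exclusive(planted) < 0 && errno == EEXIST) result |= 2;
    if ((fd = open_weak(planted)) >= 0) { close(fd); if (stat(target, &st) == 0) result |= 1; }
    if (private_temp_ok(tmpl)) result |= 4;
    unlink(target); unlink(planted); rmdir(dir);
    return result;
}
int main(void) { printf("collision_demo = %d\n", collision_demo()); return 0; }
```

A result of 7 means the weak open created the symlink's target, the exclusive open rejected the pre-existing name, and the `mkstemp()` file carried no group or other permissions.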