CAPEC-73: User-Controlled Filename
Attack Pattern ID: 73
Version: v3.9
Attack Pattern Name: User-Controlled Filename
Abstraction: Standard
Status: Draft
Likelihood of Attack: High
Typical Severity: High
▼Description
An attack of this type involves an adversary inserting malicious characters (such as an XSS redirection) into a filename, directly or indirectly, which the target software then uses to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources like files, filenames, and URL links directly from user-supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.
▼Relationships
Nature: ChildOf | Type: Meta | ID: 165 | Name: File Manipulation
Nature: CanPrecede | Type: Detailed | ID: 592 | Name: Stored XSS
▼Prerequisites
The victim must trust the name and locale of user-controlled filenames.
▼Skills Required
Low

To achieve a redirection and use of less trusted source, an attacker can simply edit data that the host uses to build the filename


Medium

Deploying a malicious "look-a-like" site (such as a site masquerading as a bank or online auction site) that the user enters their authentication data into.


High

Exploiting a client side vulnerability to inject malicious scripts into the browser's executable process.

▼Consequences
Scope: Confidentiality, Access Control, Authorization | Likelihood: N/A | Impact: Gain Privileges | Note: N/A
Scope: Confidentiality, Integrity, Availability | Likelihood: N/A | Impact: Execute Unauthorized Commands | Note: Run Arbitrary Code
Scope: Availability | Likelihood: N/A | Impact: Alter Execution Logic | Note: N/A
Scope: Confidentiality | Likelihood: N/A | Impact: Read Data | Note: N/A
▼Mitigations
Design: Use browser technologies that do not allow client side scripting.
Implementation: Ensure all content that is delivered to client is sanitized against an acceptable content specification.
Implementation: Perform input validation for all remote content.
Implementation: Perform output validation for all remote content.
Implementation: Disable scripting languages such as JavaScript in the browser.
Implementation: Scan dynamically generated content against a validation specification.
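
The input-validation and output-validation mitigations above, applied to an upload listing, as an added example that is not part of the CAPEC entry. The function names, the `/files/` path, the extension allowlist and the sample filenames are assumptions made for illustration.

```python
import html
import re
import uuid
from urllib.parse import quote

# Allowlist (assumed policy): letters, digits, space, dot, underscore, hyphen,
# must start with a letter or digit and end in one known extension.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9 ._-]{0,99}\.(?:pdf|png|txt)")

def validate_display_name(name: str) -> bool:
    """Input validation: accept only names that match the allowlist in full."""
    return SAFE_NAME.fullmatch(name) is not None

def storage_name(display_name: str) -> str:
    """Store under a server-generated name; only the checked extension survives."""
    ext = display_name.rsplit(".", 1)[1].lower()
    return f"{uuid.uuid4().hex}.{ext}"

def render_link_unsafe(display_name: str) -> str:
    """The pattern CAPEC-73 describes: filename concatenated straight into HTML."""
    return '<a href="/files/' + display_name + '">' + display_name + "</a>"

def render_link(stored: str, display_name: str) -> str:
    """Output encoding: percent-encode the URL path, HTML-escape attribute and text."""
    href = html.escape("/files/" + quote(stored, safe=""), quote=True)
    return f'<a href="{href}">{html.escape(display_name, quote=True)}</a>'

# Constructed sample uploads (not taken from the CAPEC entry).
SAMPLES = ["Q3 report.pdf", 'quarterly"><i>injected</i>.pdf', "../../index.html"]

def process(names):
    """Return (links for accepted names, rejected names) for a batch of uploads."""
    links, rejected = [], []
    for name in names:
        if validate_display_name(name):
            links.append(render_link(storage_name(name), name))
        else:
            rejected.append(name)
    return links, rejected

if __name__ == "__main__":
    links, rejected = process(SAMPLES)
    print("\n".join(links))
    print("rejected:", rejected)
```

`render_link` escapes even names that already passed validation, so a gap in the allowlist (CWE-184) does not become markup in the page (CWE-116).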
▼Related Weaknesses
CWE-116: Improper Encoding or Escaping of Output
CWE-184: Incomplete List of Disallowed Inputs
CWE-20: Improper Input Validation
CWE-348: Use of Less Trusted Source
CWE-350: Reliance on Reverse DNS Resolution for a Security-Critical Action
CWE-697: Incorrect Comparison
CWE-86: Improper Neutralization of Invalid Characters in Identifiers in Web Pages
CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')