CAPEC-253 Detail

Remote Code Inclusion

Standard Software

Parents: 175

Children: 101 193 500

Threats: T290

Description

The attacker forces an application to load arbitrary code files from a remote location. The attacker could use this to try to load old versions of library files that have known vulnerabilities, to load malicious files that the attacker placed on the remote machine, or to otherwise change the functionality of the targeted application in unexpected ways.

Not present

| External ID | Source | Link | Description |
| --- | --- | --- | --- |
| CAPEC-253 | capec | https://capec.mitre.org/data/definitions/253.html | |
| CWE-829 | cwe | http://cwe.mitre.org/data/definitions/829.html | |
| 05 | WASC | http://projects.webappsec.org/Remote-File-Inclusion | Remote File Inclusion |
| REF-614 | reference_from_CAPEC | https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/07-Input_Validation_Testing/11.2-Testing_for_Remote_File_Inclusion.html | OWASP Web Security Testing Guide, The Open Web Application Security Project (OWASP) |

Not present

  1. Target application server must allow remote files to be included. The malicious file must be placed on the remote machine previously.
