CAPEC-73 Detail
User-Controlled Filename
Abstraction: Standard; Domain: Software; Likelihood of Attack: High; Typical Severity: High
Parents: CAPEC-165
Threats: T68 T274 T393
An attack of this type involves an adversary inserting malicious characters (such as an XSS redirection) into a filename, directly or indirectly, that is then used by the target software to generate HTML text or other potentially executable content. Many websites rely on user-generated content and dynamically build resources such as files, filenames, and URL links directly from user-supplied data. In this attack pattern, the attacker uploads code that can execute in the client browser and/or redirect the client browser to a site that the attacker owns. All XSS attack payload variants can be used to pass and exploit these vulnerabilities.
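As an added illustration that is not part of the CAPEC entry, the rendering the pattern depends on is shown beside output encoding (CWE-116) alone and beside validation (CWE-20) plus encoding; the sample filenames, the `/files/` route and the function names are constructed assumptions.

```python
import html
import os
import re
from typing import Optional
from urllib.parse import quote

# Constructed sample inputs (not from the CAPEC entry): one upload name
# carrying script markup, two benign names that still need encoding.
MALICIOUS_NAME = 'report.pdf"><script>alert(1)</script>'
BENIGN_NAME = "Q3 report (final).pdf"
AMPERSAND_NAME = "Tom & Jerry.pdf"

# Allowlist for stored filenames: letters, digits, space, . _ ( ) & and dash.
_ALLOWED = re.compile(r"[A-Za-z0-9 ._()&\-]{1,128}")


def render_link_vulnerable(filename: str) -> str:
    """The pattern the attack relies on: the user-controlled name is dropped
    straight into markup, so any '"', '<' or '>' it carries becomes live HTML."""
    return f'<a href="/files/{filename}">{filename}</a>'


def render_link_encoded(filename: str) -> str:
    """Output encoding alone (CWE-116): percent-encode for the URL context,
    entity-encode for the text context, so the name can no longer break out."""
    return f'<a href="/files/{quote(filename)}">{html.escape(filename, quote=True)}</a>'


def validate_filename(filename: str) -> Optional[str]:
    """Input validation (CWE-20): keep only the basename and require it to
    match the allowlist; returns None when the name is rejected."""
    base = os.path.basename(filename.replace("\\", "/"))
    if base in ("", ".", "..") or not _ALLOWED.fullmatch(base):
        return None
    return base


def render_link_hardened(filename: str) -> Optional[str]:
    """Defense in depth: validate first, then still encode, because the
    allowlist admits '&', which is harmless only once it is entity-encoded."""
    base = validate_filename(filename)
    if base is None:
        return None
    return render_link_encoded(base)
```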
References:
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-73 | capec | https://capec.mitre.org/data/definitions/73.html | |
| CWE-20 | cwe | http://cwe.mitre.org/data/definitions/20.html | |
| CWE-184 | cwe | http://cwe.mitre.org/data/definitions/184.html | |
| CWE-96 | cwe | http://cwe.mitre.org/data/definitions/96.html | |
| CWE-348 | cwe | http://cwe.mitre.org/data/definitions/348.html | |
| CWE-116 | cwe | http://cwe.mitre.org/data/definitions/116.html | |
| CWE-350 | cwe | http://cwe.mitre.org/data/definitions/350.html | |
| CWE-86 | cwe | http://cwe.mitre.org/data/definitions/86.html | |
| CWE-697 | cwe | http://cwe.mitre.org/data/definitions/697.html | |
| REF-1 | reference_from_CAPEC | | G. Hoglund, G. McGraw, Exploiting Software: How to Break Code, 2004-02, Addison-Wesley |
Prerequisites:
- The victim must trust the name and locale of user-controlled filenames.
Skills Required:
| Skill Level | Description |
|---|---|
| Low | To achieve a redirection and use of a less trusted source, an attacker can simply edit data that the host uses to build the filename. |
| High | Exploiting a client-side vulnerability to inject malicious scripts into the browser's executable process. |
| Medium | Deploying a malicious "look-a-like" site (such as a site masquerading as a bank or online auction site) that the user enters their authentication data into. |
Consequences:
| Scope | Impact |
|---|---|
| Integrity | Execute Unauthorized Commands (Run Arbitrary Code); Alter Execution Logic |
| Availability | Execute Unauthorized Commands (Run Arbitrary Code) |
| Authorization | Gain Privileges |
| Access Control | Gain Privileges |
| Confidentiality | Gain Privileges; Read Data |
Example Instances:
- Phishing attacks rely on a user clicking on links that are supplied to them by attackers masquerading as a trusted resource such as a bank or online auction site. The end user's email client hosts the supplied resource name, in this case via email. The resource name, however, may either 1) direct the client browser to a malicious site to steal credentials and/or 2) execute code on the client machine to probe the victim's host system and network environment.