File size: 6,111 Bytes
5fe70fd |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 |
{
"id": "bundle--3854e44a-10ea-4970-8e82-5db4b70ba65e",
"objects": [
{
"created": "2014-06-23T00:00:00.000Z",
"created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd",
"description": "An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.",
"external_references": [
{
"external_id": "CAPEC-87",
"source_name": "capec",
"url": "https://capec.mitre.org/data/definitions/87.html"
},
{
"external_id": "CWE-425",
"source_name": "cwe",
"url": "http://cwe.mitre.org/data/definitions/425.html"
},
{
"external_id": "CWE-285",
"source_name": "cwe",
"url": "http://cwe.mitre.org/data/definitions/285.html"
},
{
"external_id": "CWE-693",
"source_name": "cwe",
"url": "http://cwe.mitre.org/data/definitions/693.html"
},
{
"description": "Predictable Resource Location",
"external_id": "34",
"source_name": "WASC",
"url": "http://projects.webappsec.org/Predictable-Resource-Location"
},
{
"description": "Forced browsing",
"source_name": "OWASP Attacks",
"url": "https://owasp.org/www-community/attacks/Forced_browsing"
}
],
"id": "attack-pattern--00268a75-3243-477d-9166-8c78fddf6df6",
"modified": "2020-12-17T00:00:00.000Z",
"name": "Forceful Browsing",
"object_marking_refs": [
"marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d"
],
"type": "attack-pattern",
"x_capec_abstraction": "Standard",
"x_capec_child_of_refs": [
"attack-pattern--8f665166-dfd1-40cb-91e8-b78bee1ceb6a"
],
"x_capec_consequences": {
"Access_Control": [
"Bypass Protection Mechanism"
],
"Authorization": [
"Bypass Protection Mechanism"
],
"Confidentiality": [
"Read Data",
"Bypass Protection Mechanism"
]
},
"x_capec_domains": [
"Software"
],
"x_capec_example_instances": [
"\n <xhtml:p>A bulletin board application provides an administrative interface at admin.aspx when the user logging in belongs to the administrators group.</xhtml:p>\n <xhtml:p>An attacker can access the admin.aspx interface by making a direct request to the page. Not having access to the interface appropriately protected allows the attacker to perform administrative functions without having to authenticate themself in that role.</xhtml:p>\n "
],
"x_capec_execution_flow": "<h2> Execution Flow </h2><div><h3>Explore</h3><ol><li> <p> <b>Spider: </b>Using an automated tool, an attacker follows all public links on a web site. They record all the links they find.</p></li><table><tbody><tr><th>Techniques</th></tr><tr><td>Use a spidering tool to follow and record all links.</td></tr><tr><td>Use a proxy tool to record all links visited during a manual traversal of the web application.</td></tr></tbody></table></ol></div><div><h3>Experiment</h3><ol><li> <p> <b>Attempt well-known or guessable resource locations: </b>Using an automated tool, an attacker requests a variety of well-known URLs that correspond to administrative, debugging, or other useful internal actions. They record all the positive responses from the server.</p></li><table><tbody><tr><th>Techniques</th></tr><tr><td>Use a spidering tool to follow and record attempts on well-known URLs.</td></tr><tr><td>Use a proxy tool to record all links visited during a manual traversal of attempts on well-known URLs.</td></tr></tbody></table></ol></div><div><h3>Exploit</h3><ol><li> <p> <b>Use unauthorized resources: </b>By visiting the unprotected resource, the attacker makes use of unauthorized functionality.</p></li><table><tbody><tr><th>Techniques</th></tr><tr><td>Access unprotected functions and execute them.</td></tr></tbody></table><li> <p> <b>View unauthorized data: </b>The attacker discovers and views unprotected sensitive data.</p></li><table><tbody><tr><th>Techniques</th></tr><tr><td>Direct request of protected pages that directly access database back-ends. (e.g., list.jsp, accounts.jsp, status.jsp, etc.)</td></tr></tbody></table></ol></div>",
"x_capec_likelihood_of_attack": "High",
"x_capec_prerequisites": [
"The forcibly browseable pages or accessible resources must be discoverable and improperly protected."
],
"x_capec_resources_required": [
"None: No specialized resources are required to execute this type of attack. A directory listing is helpful, but not a requirement."
],
"x_capec_skills_required": {
"Low": "Forcibly browseable pages can be discovered by using a number of automated tools. Doing the same manually is tedious but by no means difficult."
},
"x_capec_status": "Draft",
"x_capec_typical_severity": "High",
"x_capec_version": "3.9"
}
],
"spec_version": "2.0",
"type": "bundle"
} |