test_scratch
/
cti-ATT-CK-v13.1
/capec
/2.1
/attack-pattern
/attack-pattern--00268a75-3243-477d-9166-8c78fddf6df6.json
{ | |
"id": "bundle--d8d07399-8d5e-4b47-8eee-186f1a87f968", | |
"objects": [ | |
{ | |
"created": "2014-06-23T00:00:00.000Z", | |
"created_by_ref": "identity--e50ab59c-5c4f-4d40-bf6a-d58418d89bcd", | |
"description": "An attacker employs forceful browsing (direct URL entry) to access portions of a website that are otherwise unreachable. Usually, a front controller or similar design pattern is employed to protect access to portions of a web application. Forceful browsing enables an attacker to access information, perform privileged operations and otherwise reach sections of the web application that have been improperly protected.", | |
"external_references": [ | |
{ | |
"external_id": "CAPEC-87", | |
"source_name": "capec", | |
"url": "https://capec.mitre.org/data/definitions/87.html" | |
}, | |
{ | |
"external_id": "CWE-425", | |
"source_name": "cwe", | |
"url": "http://cwe.mitre.org/data/definitions/425.html" | |
}, | |
{ | |
"external_id": "CWE-285", | |
"source_name": "cwe", | |
"url": "http://cwe.mitre.org/data/definitions/285.html" | |
}, | |
{ | |
"external_id": "CWE-693", | |
"source_name": "cwe", | |
"url": "http://cwe.mitre.org/data/definitions/693.html" | |
}, | |
{ | |
"description": "Predictable Resource Location", | |
"external_id": "34", | |
"source_name": "WASC", | |
"url": "http://projects.webappsec.org/Predictable-Resource-Location" | |
}, | |
{ | |
"description": "Forced browsing", | |
"source_name": "OWASP Attacks", | |
"url": "https://owasp.org/www-community/attacks/Forced_browsing" | |
} | |
], | |
"id": "attack-pattern--00268a75-3243-477d-9166-8c78fddf6df6", | |
"modified": "2020-12-17T00:00:00.000Z", | |
"name": "Forceful Browsing", | |
"object_marking_refs": [ | |
"marking-definition--17d82bb2-eeeb-4898-bda5-3ddbcd2b799d" | |
], | |
"spec_version": "2.1", | |
"type": "attack-pattern", | |
"x_capec_abstraction": "Standard", | |
"x_capec_child_of_refs": [ | |
"attack-pattern--8f665166-dfd1-40cb-91e8-b78bee1ceb6a" | |
], | |
"x_capec_consequences": { | |
"Access_Control": [ | |
"Bypass Protection Mechanism" | |
], | |
"Authorization": [ | |
"Bypass Protection Mechanism" | |
], | |
"Confidentiality": [ | |
"Read Data", | |
"Bypass Protection Mechanism" | |
] | |
}, | |
"x_capec_domains": [ | |
"Software" | |
], | |
"x_capec_example_instances": [ | |
"\n <xhtml:p>A bulletin board application provides an administrative interface at admin.aspx when the user logging in belongs to the administrators group.</xhtml:p>\n <xhtml:p>An attacker can access the admin.aspx interface by making a direct request to the page. Not having access to the interface appropriately protected allows the attacker to perform administrative functions without having to authenticate themself in that role.</xhtml:p>\n " | |
], | |
"x_capec_execution_flow": "<h2> Execution Flow </h2><div><h3>Explore</h3><ol><li> <p> <b>Spider: </b>Using an automated tool, an attacker follows all public links on a web site. They record all the links they find.</p></li><table><tbody><tr><th>Techniques</th></tr><tr><td>Use a spidering tool to follow and record all links.</td></tr><tr><td>Use a proxy tool to record all links visited during a manual traversal of the web application.</td></tr></tbody></table></ol></div><div><h3>Experiment</h3><ol><li> <p> <b>Attempt well-known or guessable resource locations: </b>Using an automated tool, an attacker requests a variety of well-known URLs that correspond to administrative, debugging, or other useful internal actions. They record all the positive responses from the server.</p></li><table><tbody><tr><th>Techniques</th></tr><tr><td>Use a spidering tool to follow and record attempts on well-known URLs.</td></tr><tr><td>Use a proxy tool to record all links visited during a manual traversal of attempts on well-known URLs.</td></tr></tbody></table></ol></div><div><h3>Exploit</h3><ol><li> <p> <b>Use unauthorized resources: </b>By visiting the unprotected resource, the attacker makes use of unauthorized functionality.</p></li><table><tbody><tr><th>Techniques</th></tr><tr><td>Access unprotected functions and execute them.</td></tr></tbody></table><li> <p> <b>View unauthorized data: </b>The attacker discovers and views unprotected sensitive data.</p></li><table><tbody><tr><th>Techniques</th></tr><tr><td>Direct request of protected pages that directly access database back-ends. (e.g., list.jsp, accounts.jsp, status.jsp, etc.)</td></tr></tbody></table></ol></div>", | |
"x_capec_likelihood_of_attack": "High", | |
"x_capec_prerequisites": [ | |
"The forcibly browseable pages or accessible resources must be discoverable and improperly protected." | |
], | |
"x_capec_resources_required": [ | |
"None: No specialized resources are required to execute this type of attack. A directory listing is helpful, but not a requirement." | |
], | |
"x_capec_skills_required": { | |
"Low": "Forcibly browseable pages can be discovered by using a number of automated tools. Doing the same manually is tedious but by no means difficult." | |
}, | |
"x_capec_status": "Draft", | |
"x_capec_typical_severity": "High", | |
"x_capec_version": "3.9" | |
} | |
], | |
"type": "bundle" | |
} |