An attacker changes the behavior or state of a targeted application through injecting data or command syntax through the targets use of non-validated and non-filtered arguments of exposed services or methods.

How does a Argument Injection attack work?

It typically unfolds over 3 phases. It begins with: [Discovery of potential injection vectors] Using an automated tool or manual discovery, the attacker identifies services or methods with arguments that could potentially be used as injection vectors (OS, API, SQL procedures, etc.).

How do you prevent CAPEC-6?

Design: Do not program input values directly on command shell, instead treat user input as guilty until proven innocent. Build a function that takes user input and converts it to applications specific types and values, stripping or filtering out all unauthorized commands and characters in the process.

What weaknesses does CAPEC-6 target?

CAPEC-6 exploits 6 CWE weaknesses, including CWE-74 (Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')), CWE-78 (Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')), CWE-146 (Improper Neutralization of Expression/Command Delimiters), CWE-184 (Incomplete List of Disallowed Inputs).

How severe is CAPEC-6?

MITRE rates CAPEC-6 as High severity with high likelihood of attack.

CAPEC-6: Argument Injection

How the attack works

The phases an attacker typically follows to carry out this attack.

Step 1
Explore
[Discovery of potential injection vectors] Using an automated tool or manual discovery, the attacker identifies services or methods with arguments that could potentially be used as injection vectors (OS, API, SQL procedures, etc.).
- Manually cover the application and record the possible places where arguments could be passed into external systems.
- Use a spider, for web applications, to create a list of URLs and associated inputs.
Step 2
Experiment
[1. Attempt variations on argument content] Possibly using an automated tool, the attacker will perform injection variations of the arguments.
- Use a very large list of probe strings in order to detect if there is a positive result, and, what type of system has been targeted (if obscure).
- Use a proxy tool to record results, error messages and/or log if accessible.
Step 3
Exploit
[Abuse of the application] The attacker injects specific syntax into a particular argument in order to generate a specific malicious effect in the targeted application.
- Manually inject specific payload into targeted argument.

How the attack works

CAPEC-6: Argument Injection

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

Resources required

Consequences

How to mitigate it

Examples

Frequently asked questions

What is CAPEC-6?

How does a Argument Injection attack work?

How do you prevent CAPEC-6?

What weaknesses does CAPEC-6 target?

How severe is CAPEC-6?

References

Defend against CAPEC-6

How the attack works

Overview

How the attack works

What the attacker needs

Prerequisites

Skills required

Resources required

Consequences

How to mitigate it

Examples

Related weaknesses

Related attack patterns

Parent

Frequently asked questions

What is CAPEC-6?

How does a Argument Injection attack work?

How do you prevent CAPEC-6?

What weaknesses does CAPEC-6 target?

How severe is CAPEC-6?

References

Defend against CAPEC-6