- What is CAPEC-77?
- This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
- How does a Manipulating User-Controlled Variables attack work?
- It typically unfolds over 3 phases. It begins with: [Probe target application] The adversary first probes the target application to determine important information about the target. This information could include types software used, software versions, what user input the application consumes, and so on.
- How do you prevent CAPEC-77?
- Do not allow override of global variables and do Not Trust Global Variables. If the register_globals option is enabled, PHP will create global variables for each GET, POST, and cookie variable included in the HTTP request. This means that a malicious user may be able to set variables unexpectedly. For instance make sure that the server setting for PHP does not expose global variables.
- What weaknesses does CAPEC-77 target?
- CAPEC-77 exploits 7 CWE weaknesses, including CWE-15 (External Control of System or Configuration Setting), CWE-94 (Improper Control of Generation of Code ('Code Injection')), CWE-96 (Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')), CWE-285 (Improper Authorization).
- How severe is CAPEC-77?
- MITRE rates CAPEC-77 as Very High severity with high likelihood of attack.