Data Excavation Attacks
Attack Pattern ID: 116 (Standard Attack Pattern Completeness: Stub)
Typical Severity: Medium
Status: Draft
+ Description

Summary

An attacker probes the target in a manner that is designed to solicit information relevant to system security. This is achieved by sending data that is syntactically invalid or non-standard relative to a given service, protocol, or expected input, or by exploring the target via ordinary interactions for the purpose of gathering intelligence about the target. As a result, the attacker is able to obtain information from the target that aids the attacker in making inferences about its security, configuration, or potential vulnerabilities. Some exchanges with the target may trigger unhandled exceptions or verbose error messages. When this happens, error messages may reveal information such as stack traces, configuration information, path information, or database messages. This type of attack also includes manipulation of query strings in a URI, such as by attempting to produce invalid SQL queries or by trying alternative path values, in the hope that the server will return useful information. This attack differs from Data Interception and other data collection attacks in that the attacker actively queries the target rather than simply watching for the target to reveal information.

+ Attack Prerequisites

Verbose error handling routines or components that provide the user feedback related to system or application properties.
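The description and the prerequisite above both come down to the same mechanism: a handler that echoes exception details (stack traces, file paths, database messages) back to the client. The following added example, which is not part of the CAPEC entry, shows a leaky handler beside a hardened one that returns only a generic message with a correlation id and keeps the detail in the server log, plus a small check a defender can run over response bodies to spot the markers that typically indicate such leakage. The backend function, the log marker list, and the sample input are constructed for this illustration.

```python
import logging
import re
import traceback
import uuid

logger = logging.getLogger("app.errors")

# Constructed list of markers that commonly appear in verbose error output.
# Extend it with whatever your own stack actually emits on failure.
LEAK_PATTERNS = [
    re.compile(r"Traceback \(most recent call last\)"),              # Python trace header
    re.compile(r'File "[^"]+", line \d+'),                            # Python stack frame
    re.compile(r"\bat [\w$.]+\([\w.]+:\d+\)"),                        # Java stack frame
    re.compile(r"(?:[A-Za-z]:\\|/(?:usr|var|home|etc|opt)/)[^\s\"']+"),  # filesystem paths
    re.compile(r"\b(?:SQLSTATE|ORA-\d{5}|You have an error in your SQL syntax)"),  # DB errors
]


def response_leaks_details(body: str) -> bool:
    """Return True if a response body contains markers of verbose error output."""
    return any(pattern.search(body) for pattern in LEAK_PATTERNS)


def simulated_backend(record_id: str) -> dict:
    """Constructed stand-in for a database lookup that fails on non-numeric input
    with the kind of message a real driver might produce (hypothetical text)."""
    if not record_id.isdigit():
        raise RuntimeError(
            "You have an error in your SQL syntax near '" + record_id + "'"
            " (raised in /var/www/app/db.py)"
        )
    return {"id": int(record_id), "name": "sample record"}


def verbose_error_response(exc: BaseException) -> dict:
    """The leaky pattern: the full traceback goes straight to the client."""
    detail = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    return {"status": 500, "body": detail}


def safe_error_response(exc: BaseException) -> dict:
    """The hardened pattern: log the detail server-side under a correlation id
    and return only a generic message that the client can quote to support."""
    incident_id = uuid.uuid4().hex
    detail = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    logger.error("incident %s:\n%s", incident_id, detail)
    return {"status": 500, "body": f"An internal error occurred. Reference: {incident_id}"}


def handle_request(record_id: str, verbose: bool = False) -> dict:
    """Minimal request handler: on success return the record, on failure
    delegate to the leaky or the hardened error builder."""
    try:
        return {"status": 200, "body": simulated_backend(record_id)}
    except Exception as exc:  # noqa: BLE001 - deliberately broad at the boundary
        return verbose_error_response(exc) if verbose else safe_error_response(exc)


if __name__ == "__main__":
    for mode in (True, False):
        resp = handle_request("not-a-number", verbose=mode)
        print(f"verbose={mode} status={resp['status']} leaks={response_leaks_details(resp['body'])}")
```

Run it once with `verbose=True` and once with `verbose=False` to see the difference: the leaky body matches the trace-header, frame, path and SQL-message patterns, while the hardened body matches none of them and still gives the operator an id to find the full trace in the log. The `response_leaks_details` check is also usable as a test fixture or a proxy-side sanity check over captured 4xx/5xx bodies.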

+ Resources Required

A web browser or a client application capable of sending custom protocol messages, such as a MITM Proxy or a fuzzer, or a similar scanner or packet injection tool.

+ Related Attack Patterns
Columns: Nature, Type, ID, Name, View(s) this relationship pertains to

ChildOf | Category | 118 | Data Leakage Attacks | Mechanism of Attack (primary), view 1000
ParentOf | Attack Pattern | 54 | Probing an Application Through Targeting its Error Reporting | Mechanism of Attack (primary), view 1000
ParentOf | Attack Pattern | 111 | JSON Hijacking (aka JavaScript Hijacking) | Mechanism of Attack (primary), view 1000
ParentOf | Attack Pattern | 261 | Fuzzing for garnering (through web or log) other adjacent user/sensitive data as an authorized system user (overly broad but valid SQL queries) | Mechanism of Attack (primary), view 1000