Parameter Injection
Attack Pattern ID: 137 (Standard Attack Pattern Completeness: Stub)Typical Severity: MediumStatus: Draft
+ Description

Summary

An attacker exploits weaknesses in input validation by manipulating the content of request parameters for the purpose of undermining the security of the target. Some parameter encodings use text characters as separators. For example, parameters in a HTTP GET message are encoded as name-value pairs separated by an ampersand (&). If an attacker can supply text strings that are used to fill in these parameters, then they can inject special characters used in the encoding scheme to add or modify parameters. For example, if user input is fed directly into an HTTP GET request and the user provides the value "myInput&new_param=myValue", then the input parameter is set to myInput, but a new parameter (new_param) is also added with a value of myValue. This can significantly change the meaning of the query that is processed by the server. Any encoding scheme where parameters are identified and separated by text characters is potentially vulnerable to this attack - the HTTP GET encoding used above is just one example.

+ Attack Prerequisites

The target application must use a parameter encoding where separators and parameter identifiers are expressed in regular text.

The target application must accept a string as user input, fail to sanitize characters that have a special meaning in the parameter encoding, and insert the user-supplied string in an encoding which is then processed.

+ Resources Required

No special resources are required beyond the ability to provide string input to the target.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfCategoryCategory152Injection (Injecting Control Plane content through the Data Plane) 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern6Argument Injection 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern76Manipulating Input to File System Calls 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern174Flash Parameter Injection 
Mechanism of Attack (primary)1000