Resource Location Attacks
Attack Pattern ID: 154 (Standard Attack Pattern Completeness: Stub)Typical Severity: MediumStatus: Draft
+ Description

Summary

An attacker utilizes discovered or crafted file path information for the purpose of locating and exploiting a security sensitive resource. This category of attack involves the paths used by an application to store or retrieve resources. Specifically, attacks in this category involve manipulating the path, causing the application to look in location unintended by the application maintainer, or determining the paths through prediction or lookup. This differs from File Manipulation attacks in which the contents of the files are affected or where the files themselves are physically moved. Instead, this attack simply concerns itself with the paths used to find or create resources.

+ Attack Prerequisites

None. All applications rely on file paths and so, in theory, they or their resources could be affected by this attack.

+ Resources Required

No special resources are required for most variants of this attack.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfCategoryCategory262Resource Manipulation 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern38Leveraging/Manipulating Configuration File Search Paths 
Mechanism of Attack (primary)1000
ParentOfCategoryCategory126Path Traversal 
Mechanism of Attack1000
ParentOfAttack PatternAttack Pattern127Directory Indexing 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern150Common resource location exploration 
Mechanism of Attack (primary)1000