File Manipulation
Attack Pattern ID: 165 (Standard Attack Pattern Completeness: Stub)Typical Severity: MediumStatus: Draft
+ Description

Summary

An attacker modifies file contents or attributes (such as extensions or names) of files in a manner to cause incorrect processing by an application. Attackers use this class of attacks to cause applications to enter unstable states, overwrite or expose sensitive information, and even execute arbitrary code with the application's privileges. This class of attacks differs from attacks on configuration information (even if file-based) in that file manipulation causes the file processing to result in non-standard behaviors, such as buffer overflows or use of the incorrect interpreter. Configuration attacks rely on the application interpreting files correctly in order to insert harmful configuration information. Likewise, resource location attacks rely on controlling an application's ability to locate files, whereas File Manipulation attacks do not require the application to look in a non-default location, although the two classes of attacks are often combined.

+ Attack Prerequisites

The target must use the affected file without verifying its integrity.

+ Resources Required

No special resources are required for most variants of this attack. In some cases, tools are needed to better control the response of the targeted application to the modified file.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfCategoryCategory262Resource Manipulation 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern11Cause Web Server Misclassification 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern17Accessing, Modifying or Executing Executable Files 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern23File System Function Injection, Content Based 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern35Leverage Executable Code in Nonexecutable Files 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern44Overflow Binary Resource File 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern73User-Controlled Filename 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern177Create files with the same name as files protected with a higher classification 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern263Force Use of Corruped Files 
Mechanism of Attack (primary)1000