Fuzzing and observing application log data/errors for application mapping
Attack Pattern ID: 215 (Detailed Attack Pattern)
Completeness: Stub
Typical Severity: Low
Status: Draft
+ Description

Summary

An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the log or error messages the application returns. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how the target will respond to any individual message, but by attempting a large number of message variants they may find one that triggers the desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also cause it to enter an unstable state and crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application (file system paths, database vendor, framework and library names, stack traces) and might be able to cause the target to disclose sensitive information.
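
The loop described above, as an added example that is not part of the CAPEC entry: a small mutation-based fuzzer sends variants of a seed value to a handler and triages every response for signatures of information leakage (absolute file paths, SQL error text, stack traces, exception class names). The handler `target_handler` is a constructed stand-in for a leaky application, not a real service, and the mutation list and leak patterns are assumptions chosen to illustrate the technique.

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed stand-in for the target. It is not any real application; it
# models a login handler that answers unexpected input with verbose errors,
# which is the weakness (CWE-209) this attack pattern targets.
def target_handler(username: str) -> Tuple[int, str]:
    if username == "":
        return 400, "username is required"
    if "\x00" in username:
        return 500, "ValueError: embedded null byte in /srv/app/handlers/login.py"
    if "'" in username or '"' in username:
        return 500, ("MySQLdb.ProgrammingError: 1064 You have an error in your "
                     "SQL syntax near '" + username[:8] + "'")
    if len(username) > 64:
        return 500, ('Traceback (most recent call last):\n'
                     '  File "/srv/app/wsgi.py", line 88, in handle')
    if not username.isascii():
        return 500, "UnicodeEncodeError: 'latin-1' codec can't encode character"
    return 200, "ok"

# Mutations that produce the "random, malformed, or otherwise unexpected"
# variants the pattern describes. Kept deterministic so a run is reproducible;
# a real fuzzer would draw many more from a grammar or a random generator.
MUTATIONS: List[Callable[[str], str]] = [
    lambda s: s,                      # baseline, expected to succeed
    lambda s: "",                     # empty field
    lambda s: s * 50,                 # oversized field
    lambda s: s + "'",                # SQL metacharacter
    lambda s: s + '"',
    lambda s: s + "\x00",             # embedded NUL
    lambda s: s + "%s%n",             # format specifiers
    lambda s: s + "\u00e9",           # non-ASCII
    lambda s: s + "../../etc/passwd", # path traversal
    lambda s: s + "<script>",         # markup
]

# Signatures of information worth harvesting from an error message (assumed
# set; extend per target stack).
LEAK_PATTERNS: Dict[str, "re.Pattern[str]"] = {
    "file_path": re.compile(r"/[\w.-]+(?:/[\w.-]+)+"),
    "sql_error": re.compile(r"(?i)\b(mysql|postgres|sqlite|oracle|sql syntax)\b"),
    "stack_trace": re.compile(
        r"Traceback \(most recent call last\)|\bat [\w.$]+\(\w+\.java:\d+\)"),
    "python_exception": re.compile(r"\b[A-Z]\w*(?:Error|Exception)\b"),
}

def classify(message: str) -> List[str]:
    """Return the leak categories whose signature appears in message."""
    return [name for name, pat in LEAK_PATTERNS.items() if pat.search(message)]

def fuzz(handler: Callable[[str], Tuple[int, str]],
         seed: str) -> Dict[str, List[Tuple[int, str, str]]]:
    """Send every mutation of seed to handler and keep responses that leak.

    Result maps leak category -> list of (status, payload, message), which is
    the raw material for mapping the application (paths, DB engine, runtime).
    """
    findings: Dict[str, List[Tuple[int, str, str]]] = {}
    for mutate in MUTATIONS:
        payload = mutate(seed)
        status, message = handler(payload)
        for category in classify(message):
            findings.setdefault(category, []).append((status, payload, message))
    return findings

if __name__ == "__main__":
    for category, hits in fuzz(target_handler, "alice").items():
        print(f"[{category}] {len(hits)} leaking response(s)")
        for status, payload, message in hits:
            print(f"  {status} {payload!r}: {message.splitlines()[0]}")
```

Against the constructed handler, four categories surface: the quote mutations reveal the database driver, the NUL and oversized inputs reveal server-side paths, and the non-ASCII input reveals the runtime. Against a real target, add mutations per field and protocol, rate-limit the sending, and record the raw responses so triage rules can be rerun later.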

+ Attack Prerequisites

The target application must fail to sanitize incoming messages adequately before processing.

+ Resources Required

The attacker must have sufficient access to send messages to the target. The attacker must also be able to observe the target application's log and/or error messages, whether returned directly in responses or through some other channel, in order to collect information about the target. Fuzzing tools, which automatically generate and send message variants, are needed to cover enough variants for this attack to be practical.

+ Related Weaknesses
CWE-ID   Weakness Name                                   Weakness Relationship Type
CWE-209  Information Exposure Through an Error Message   Targeted
+ Related Attack Patterns
Nature   Type            ID   Name                                                          View(s) this relationship pertains to
ChildOf  Attack Pattern  54   Probing an Application Through Targeting its Error Reporting  Mechanism of Attack (primary) 1000
ChildOf  Category        216  Abuse of Communication Channels                               Mechanism of Attack (primary) 1000