DetailedDraft

CAPEC-563Add Malicious File to Shared Webroot

Abstraction
Detailed
Status
Draft

Description

An adversaries may add malicious content to a website through the open file share and then browse to that content with a web browser to cause the server to execute the content. The malicious content will typically run under the context and permissions of the web server process, often resulting in local system or administrative privileges depending on how the web server is configured.

Related weaknesses· 1

CWE-284

Related attack patterns· 1

CAPEC-17 (ChildOf)

Exploits1

TypeTargetConfidenceTier
WeaknessImproper Access Controlcwe-284100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC
Modify Shared File
CAPEC
Upload a Web Shell to a Web Server
CAPEC
Using Malicious Files
CAPEC
Manipulating Web Input to File System Calls
CAPEC
File Content Injection
CAPEC
PHP Remote File Inclusion
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.