CAPEC-650: Upload a Web Shell to a Web Server

Abstraction: Detailed
Status: Draft
Severity: High

Description

By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability to execute malicious code at elevated levels.

Related weaknesses · 2

CWE-287, CWE-553

MITRE ATT&CK crosswalk · 1

T1505.003: Server Software Component: Web Shell

Related attack patterns · 1

CAPEC-17 (ChildOf)

Exploits · 2

Type | Target | Confidence | Tier
Weakness | Improper Authentication (cwe-287) | 100% | live
Weakness | Command Shell in Externally Accessible Directory (cwe-553) | 100% | live

Related to · 1

Type | Target | Confidence | Tier
SubTechnique | Web Shell (t1505.003) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Add Malicious File to Shared Webroot
CAPEC: Server Side Include (SSI) Injection
Sub-technique: Web Shell
CAPEC: Accessing Functionality Not Properly Constrained by ACLs
CAPEC: Manipulating Web Input to File System Calls
CAPEC: Privilege Abuse

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.