| Name | Resource Injection |
| --- | --- |
| Likelihood of attack | High |
| Typical severity | High |
| Summary | An adversary exploits weaknesses in input validation by manipulating resource identifiers, enabling the unintended modification or specification of a resource. |
| Prerequisites | The target application allows the user to specify the identifier used to access a system resource. Through this permission, the user gains the capability to perform actions on that resource (e.g., overwrite the file). |
| Solutions | Ensure all input content that is delivered to the client is sanitized against an acceptable content specification. Perform input validation for all content. Enforce regular patching of software. |

Related Weaknesses

| CWE ID | Description |
| --- | --- |
| CWE-99 | Improper Control of Resource Identifiers ('Resource Injection') |

Taxonomy: OWASP Attacks

| Entry ID | Entry Name |
| --- | --- |
| Link | Resource Injection |
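
The prerequisite and the input-validation solution above, shown as an added example that is not part of the original entry: an unchecked resolver beside one that validates the identifier against a content specification. The function names, the `reports` directory and the extension allowlist are assumptions chosen for illustration.

```python
import os
import tempfile
from pathlib import Path

class ResourceRejected(ValueError):
    """Raised when a user-supplied identifier fails the content specification."""

def resolve_unchecked(base: Path, identifier: str) -> Path:
    # Weak form: the identifier is joined to the base with no control, so the
    # user, not the application, decides which resource is accessed.
    return Path(os.path.normpath(base / identifier))

def resolve_checked(base: Path, identifier: str,
                    allowed_suffixes=(".txt", ".csv")) -> Path:
    # Hardened form (the specification here is an assumption of this example):
    # 1. reject empty, NUL-containing and absolute identifiers,
    # 2. resolve ".." and symlinks, then require the result to stay under base,
    # 3. accept only allowlisted resource types.
    if not identifier or "\x00" in identifier or os.path.isabs(identifier):
        raise ResourceRejected("malformed identifier")
    root = base.resolve()
    candidate = (root / identifier).resolve()
    if os.path.commonpath([root, candidate]) != str(root):
        raise ResourceRejected("identifier escapes the resource root")
    if candidate.suffix.lower() not in allowed_suffixes:
        raise ResourceRejected("resource type not allowed")
    return candidate

def demo() -> dict:
    # Constructed layout: <tmp>/reports is the only directory users may address;
    # <tmp>/app.conf stands in for a resource they must not reach.
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp) / "reports"
        base.mkdir()
        (base / "q1.txt").write_text("report")
        (Path(tmp) / "app.conf").write_text("config")
        samples = ["q1.txt", "../app.conf", "/etc/hostname",
                   "q1.txt/../../app.conf", "run.sh"]
        for ident in samples:
            try:
                resolve_checked(base, ident)
                results[ident] = "allowed"
            except ResourceRejected as exc:
                results[ident] = f"rejected: {exc}"
        # The unchecked resolver returns a path outside the reports directory.
        results["unchecked_escapes"] = base not in resolve_unchecked(base, "../app.conf").parents
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key!r}: {value}")
```

Resolving the path before comparing it to the root is what makes the check hold when the identifier contains `..` segments or points through a symlink.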