Attack Patterns

The following is an index of the attack patterns mentioned in Exploiting Software, each followed by the page number on which it appears in the book:

  • Make the Client Invisible 150
  • Target Programs That Write to Privileged OS Resources 152
  • Use a User-Supplied Configuration File to Run Commands That Elevate Privilege 153
  • Make Use of Configuration File Search Paths 156
  • Direct Access to Executable Files 162
  • Embedding Scripts within Scripts 164
  • Leverage Executable Code in Nonexecutable Files 165
  • Argument Injection 169
  • Command Delimiters 172
  • Multiple Parsers and Double Escapes 173
  • User-Supplied Variable Passed to File System Calls 185
  • Postfix NULL Terminator 186
  • Postfix, Null Terminate, and Backslash 186
  • Relative Path Traversal 187
  • Client-Controlled Environment Variables 189
  • User-Supplied Global Variables (DEBUG=1, PHP Globals, and So Forth) 190
  • Session ID, Resource ID, and Blind Trust 192
  • Analog In-Band Switching Signals (aka "Blue Boxing") 205
  • Manipulating Terminal Devices (Fragment) 210
  • Simple Script Injection 214
  • Embedding Script in Nonscript Elements 215
  • XSS in HTTP Headers 216
  • HTTP Query Strings 216
  • User-Controlled Filename 217
  • Passing Local Filenames to Functions That Expect a URL 225
  • Meta-characters in E-mail Header 226
  • File System Function Injection, Content Based 229
  • Client-side Injection, Buffer Overflow 231
  • Cause Web Server Misclassification 263
  • Alternate Encoding the Leading Ghost Characters 267
  • Using Slashes in Alternate Encoding 268
  • Using Escaped Slashes in Alternate Encoding 270
  • Unicode Encoding 271
  • UTF-8 Encoding 273
  • URL Encoding 273
  • Alternative IP Addresses 274
  • Slashes and URL Encoding Combined 274
  • Web Logs 275
  • Overflow Binary Resource File 293
  • Overflow Variables and Tags 294
  • Overflow Symbolic Links 294
  • MIME Conversion 295
  • HTTP Cookies 295
  • Filter Failure through Buffer Overflow 296
  • Buffer Overflow with Environment Variables 297
  • Buffer Overflow in an API Call 297
  • Buffer Overflow in Local Command-Line Utilities 297
  • Parameter Expansion 298
  • String Format Overflow in syslog() 324