Name
|
Resource Injection
|
Summary
|
An adversary exploits weaknesses in input validation by manipulating resource identifiers, enabling the unintended modification or specification of a resource.
|
Prerequisites
|
The target application allows the user to specify the identifier used to access a system resource. Through this permission, the user gains the capability to perform actions on that resource (e.g., overwrite the file).
|
Mitigations
|
- Ensure all input content that is delivered to client is sanitized against an acceptable content specification.
- Perform input validation for all content.
- Enforce regular patching of software.
|