Prerequisites
The target must collect information from the user in a series of forms where each form has its own URL that the attacker can anticipate and the application must fail to detect attempts to access intermediate forms without first filling out the previous forms.
Resources Required
None: No specialized resources are required to execute this type of attack.
Related Weaknesses
CWE-ID |
Weakness Name |
|
Incomplete Internal State Distinction The product does not properly determine which state it is in, causing it to assume it is in state X when in fact it is in state Y, causing it to perform incorrect operations in a security-relevant manner. |
Submission
Name |
Organization |
Date |
Date release |
CAPEC Content Team |
The MITRE Corporation |
2014-06-23 +00:00 |
|
Modifications
Name |
Organization |
Date |
Comment |
CAPEC Content Team |
The MITRE Corporation |
2017-08-04 +00:00 |
Updated Resources_Required |
CAPEC Content Team |
The MITRE Corporation |
2019-04-04 +00:00 |
Updated Related_Weaknesses |
CAPEC Content Team |
The MITRE Corporation |
2020-07-30 +00:00 |
Updated Related_Attack_Patterns |