CAPEC-650 Metadata
Likelihood of Attack
Low
Typical Severity
High
Overview
Summary
By exploiting insufficient permissions, it is possible to upload a web shell to a web server in such a way that it can be executed remotely. This shell can have various capabilities, thereby acting as a "gateway" to the underlying web server. The shell might execute at the higher permission level of the web server, providing the ability the execute malicious code at elevated levels.
Prerequisites
The web server is susceptible to one of the various web application exploits that allows for uploading a shell file.
Potential Solutions / Mitigations
Make sure your web server is up-to-date with all patches to protect against known vulnerabilities. Ensure that the file permissions in directories on the web server from which files can be execute is set to the "least privilege" settings, and that those directories contents is controlled by an allowlist.
Related Weaknesses (CWE)
Related CAPECs
| CAPEC ID | Description |
|---|---|
| CAPEC-17 | An attack of this type exploits a system's configuration that allows an adversary to either directly access an executable file, for example through shell access; or in a possible worst case allows an adversary to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface. |
Taxonomy Mappings
Taxonomy: ATTACK
| Entry ID | Entry Name |
|---|---|
| 1505.003 | Server Software Component:Web Shell |
Stay Ahead of Attack Patterns
Understanding CAPEC patterns helps security professionals anticipate and thwart potential attacks. Leverage these insights to enhance threat modeling, strengthen your software development lifecycle, and train your security teams effectively.