{'xhtml:p': ['The adversary modifies state information maintained by the target software or causes a state transition in hardware. If successful, the target will use this tainted state and execute in an unintended manner.', 'State management is an important function within a software application. User state maintained by the application can include usernames, payment information, browsing history as well as application-specific contents such as items in a shopping cart. Manipulating user state can be employed by an adversary to elevate privilege, conduct fraudulent transactions or otherwise modify the flow of the application to derive certain benefits.', 'If there is a hardware logic error in a finite state machine, the adversary can use this to put the system in an undefined state which could cause a denial of service or exposure of secure data.']}
Description
Attack Execution Flow
Step 1
ExploreAdversary determines the nature of state management employed by the target. This includes determining the location (client-side, server-side or both applications) and possibly the items stored as part of user state.
L'adversario determina la natura della gestione dello stato impiegata dal bersaglio. Ciò include la determinazione della posizione (client-side, server-side o entrambe le applicazioni) e possibilmente gli elementi memorizzati come parte dello stato utente.
Step 2
ExperimentThe adversary now tries to modify the user state contents (possibly indiscriminately if the contents are encrypted or otherwise obfuscated) or cause a state transition and observe the effects of this change on the target.
L'avversario tenta ora di modificare il contenuto dello stato utente (possibilmente in modo indiscriminato se i contenuti sono crittografati o altrimenti offuscati) o di causare una transizione di stato e osservare gli effetti di questa modifica sul bersaglio.
Step 3
ExploitHaving determined how to manipulate the state, the adversary can perform illegitimate actions.
Dopo aver determinato come manipolare lo stato, l'avversario può eseguire azioni illecite.