CAPEC Details
Name Resource Injection
Likelyhood of attack Typical severity
High High
Summary An adversary exploits weaknesses in input validation by manipulating resource identifiers enabling the unintended modification or specification of a resource.
Prerequisites The target application allows the user to both specify the identifier used to access a system resource. Through this permission, the user gains the capability to perform actions on that resource (e.g., overwrite the file)
Solutions Ensure all input content that is delivered to client is sanitized against an acceptable content specification. Perform input validation for all content. Enforce regular patching of software.
Related Weaknesses
CWE ID Description
CWE-99 Improper Control of Resource Identifiers ('Resource Injection')
Taxonomy: OWASP Attacks
Entry ID Entry Name
Link Resource Injection