An adversary exploits a weakness on the target to force arbitrary code to be retrieved locally or from a remote location and executed. This differs from code injection in that code injection involves the direct inclusion of code while code inclusion involves the addition or replacement of a reference to a code file, which is subsequently loaded by the target and used as part of the code of some application.
|
|
| ID | CAPEC-175 |
| Latest Sync Date | 11/05/25 15:15:38 |
| Original ID | 175 |
| Abstraction | Meta |
| Status | Stable |
| Alternate Terms | |
| Likelihood Of Attack | Medium |
| Typical Severity | Very High |
| Related Attack Patterns | |
| Execution Flow | |
| Prerequisites | ::The target application must include external code/libraries that are executed when the application runs and the adversary must be able to influence the specific files that get included.::The victim must run the targeted application, possibly using the crafted parameters that the adversary uses to identify the code to include.:: |
| Skills Required | |
| Resources Required | ::The adversary may need the capability to host code modules if they wish their own code files to be included.:: |
| Indicators | |
| Consequences | |
| Mitigations | |
| Example Instances | ::One example of this type of attack pattern is PHP file include attacks where the parameter of an include() function is set by a variable that an attacker is able to control. The result is that arbitrary code could be loaded into the PHP application and executed.:: |
| Related Weaknesses | ::829:: |
| Taxonomy Mappings | |
| Notes | |