General Information

Reflected File Download

Variants:
Direct, Persistent, Multiphase, Session

Also Known As:
Malicious File Download

Vector Type:
Attack

Relevance:
Generic

Layer:
Application-Level

Platforms:
Any

Target Type:
Web Application

Affected Mechanisms:
Input Validation, Hardening

Invented In:
17/10/2014

Added In:
10/12/2014


Vector Operation Method:
Attackers can abuse path parameters and insecure Content-Type headers to mislead users into downloading malicious files that are crafted on the fly and appear to come from trusted websites.


Direct Variant:

RFD

Also Known As:
Reflected File Download

Typical Severity:
Major

Resources:

White Papers:

Learn More:





Persistent Variant:

Stored RFD

Also Known As:
Persistent Reflected File Download

Typical Severity:
Major

Resources:

White Papers:

Learn More:


Multiphase Variant:

Multiphase RFD

Also Known As:
Multiphase Reflected File Download

Typical Severity:
Major

Resources:

White Papers:

Learn More:


Session Variant:

RFD via Session Puzzling

Also Known As:
Reflected File Download via Session Puzzling

Typical Severity:
Major

Resources:

White Papers:

Learn More: