Improper input validation: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 06:21, 22 February 2011 edit Shajure (talk \| contribs) Extended confirmed users 2,185 edits The unsourced and unhelpful stuff, IMO needs to go, or it needs a rewrite and sourcing... but string exploits come and go daily, vary by language, OS, revision of each. ← Previous edit		Latest revision as of 02:39, 24 November 2022 edit undo 64.67.144.111 (talk) Undid revision 1114218016 by 82.41.68.100 (talk) Tag: Undo
(25 intermediate revisions by 12 users not shown)
Line 1: '''Improper input validation'''<ref name=":0">{{cite web \|work=[[Common Weakness Enumeration]] \|publisher=[[MITRE]] \|title=CWE-20: Improper Input Validation \|url=http://cwe.mitre.org/data/definitions/20.html \|date=December 13, 2010 \|accessdate=February 22, 2011}}</ref> or '''unchecked user input''' is a type of [[vulnerability (computing)\|vulnerability]] in [[computer software]] that may be used for [[security exploit]]s.<ref name=hacking>{{cite book\|title=Hacking: the art of exploitation\|series=No Starch Press Series\|publisher=Safari Books Online\|first=Jon\|last=Erickson\|edition=2, illustrated\|year=2008\|ISBN= 978-1-59327-144-2}}</ref> This vulnerability is caused when "[t]he product does not validate or incorrectly validates input that can affect the control flow or data flow of a program."<ref name=":0" /> ~~<!-- Please do not remove or change this AfD message until the issue is settled -->~~ ~~{{Article for deletion/dated\|page=String exploits\|timestamp=20110219225246\|year=2011\|month=February\|day=19\|substed=yes}}~~ ~~<!-- For administrator use only: {{Old AfD multi\|page=String exploits\|date=19 February 2011\|result='''keep'''}} -->~~ ~~<!-- End of AfD message, feel free to edit beyond this point -->~~ ~~{{Unreferenced\|date=December 2009}}~~ ~~{{Notability\|date=March 2008}}~~ ~~'''String exploits''' are [[security exploit]]s involving handling of [[String (computer science)\|string]] data in computer software.~~ Examples include: * [[Format string attack]] - unchecked <code>[[printf\|printf]]</code> format strings are dangerous<!-- If exception handling is not involved --> [[Buffer overflow]] ~~- Buffer overflows often occurs in unsafe string functions~~ * [[Cross-site scripting]] ~~- unsafe output of input strings~~ * [[Directory traversal]] ~~- concatenating strings to create a filename is not a good idea~~ * [[Null byte injection]] * [[SQL injection]] - concatenating strings to create a SQL statement is not a good idea * [[SQL injection]] * [[Uncontrolled format string]] == References == {{reflist}} {{security-software-stub}} ~~{{DEFAULTSORT:String Exploits}}~~ [[Category:Computer security exploits]]