Wikipedia

Improper input validation: Difference between revisions

Browse history interactively
← Previous edit
Content deleted Content added
VisualWikitext
avoid confusion (see talk)
Undid revision 1114218016 by 82.41.68.100 (talk)
 
(9 intermediate revisions by 9 users not shown)
Line 1:
'''Improper input validation'''<ref name=":0">{{cite web |work=[[Common Weakness Enumeration]] |publisher=[[MITRE]] |title=CWE-20: Improper Input Validation |url=http://cwe.mitre.org/data/definitions/20.html |date=December 13, 2010 |accessdate=February 22, 2011}}</ref> or '''unchecked user input''' is a type of [[vulnerability (computing)|vulnerability]] in [[computer software]] that may be used for [[security exploit]]s.<ref name=hacking>{{cite book|title=Hacking: the art of exploitation|series=No Starch Press Series|publisher=Safari Books Online|first=Jon|last=Erickson|Editionedition=2, illustrated|year=2008|ISBN= 9781593271442978-1-59327-144-2}}</ref> This vulnerability is caused when "[t]he product does not validate or incorrectly validates input that can affect the control flow or data flow of a program."<ref name=":0" />
 
Examples include:
* [[Format string attack]]
* [[Buffer overflow]]
* [[Cross-site scripting]]
* [[Directory traversal]]
* [[Null byte injection]]<ref>
* [[SQL injection]]
* [[Uncontrolled format string]]
* [[Null byte injection]]<ref>
{{cite web
| url = http://www.emagined.com/securityfocus-advisory/22831/mod-security-asciiz-byte-post-bypass-vulnerability
| title = Network security advisories article: Mod_Security ASCIIZ byte POST bypass Vulnerability
| date = July 15, 2008
| publisher = Emagined Security
| accessdate = February 22, 2011
}}
</ref>
 
== References ==
{{reflist}}
 
{{security-software -stub}}
 
{{DEFAULTSORT:String Exploits}}
[[Category:Computer security exploits]]
Retrieved from "https://en.wikipedia.org/wiki/Improper_input_validation"