Improper input validation: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 06:54, 27 December 2006 edit SmackBot (talk \| contribs) 3,734,324 edits m replace deprecated tmeplate using AWB ← Previous edit		Latest revision as of 02:39, 24 November 2022 edit undo 64.67.144.111 (talk) Undid revision 1114218016 by 82.41.68.100 (talk) Tag: Undo
(42 intermediate revisions by 25 users not shown)
Line 1: '''Improper input validation'''<ref name=":0">{{cite web \|work=[[Common Weakness Enumeration]] \|publisher=[[MITRE]] \|title=CWE-20: Improper Input Validation \|url=http://cwe.mitre.org/data/definitions/20.html \|date=December 13, 2010 \|accessdate=February 22, 2011}}</ref> or '''unchecked user input''' is a type of [[vulnerability (computing)\|vulnerability]] in [[computer software]] that may be used for [[security exploit]]s.<ref name=hacking>{{cite book\|title=Hacking: the art of exploitation\|series=No Starch Press Series\|publisher=Safari Books Online\|first=Jon\|last=Erickson\|edition=2, illustrated\|year=2008\|ISBN= 978-1-59327-144-2}}</ref> This vulnerability is caused when "[t]he product does not validate or incorrectly validates input that can affect the control flow or data flow of a program."<ref name=":0" /> ~~{{Cleanup\|March 2006}}~~ Examples include: [[String (computer science)\|String]] programming is believed to be easy by programmers. This is hower not the case: several implementation / design flaws are associated with string programming, some of those are associated with security exploits. * [[Buffer overflow]] * [[Cross -site scripting]] ~~- unsafe output of input strings~~▼ * [[Directory traversal]] * [[Null byte injection]] * [[SQL injection]] * [[Uncontrolled format string]] == References == ~~== Canonicalization problems ==~~ {{reflist}} {{security-software-stub}} ~~Software programmers often assume that strings are canonical. This a fallacy.~~ [[Category:~~Security~~Computer security exploits]]▼ ~~=== Example: HTML tags are not canonical ===~~ ~~Fallacy:~~ ~~"<code><nowiki><script></nowiki></code>" can only be written as "<code><nowiki><script></nowiki></code>"~~ ~~This is not true. Many HTML processors will accept "<code><nowiki><</nowiki>'''SPACE'''<nowiki>script></nowiki></code>" or "<code><nowiki><</nowiki>'''NUL'''<nowiki>script></nowiki></code>"~~ ~~== Concatenation problems ==~~ ~~A lot of people believe that~~ ~~String1 + User_Input_String + String2~~ ~~will behave in some sort of controlled manner. This is not true.~~ ~~=== String termination ===~~ ~~In many environments, it is possible to truncate the string with clever input.~~ * PHP: '''%00''' (NUL) can terminate strings, when used for API calls. * Oracle: '''CHR(0)''' (NUL) can terminate strings when used for e.g. EXECUTE IMMEDIATE. ~~=== Comment out characters ===~~ ~~In many environments, it is possible to "ask" the system to ignore the rest of the string, using "comment" characters.~~ * Many languages: '''/''' means ingore everything until a '''/''' combination. * SQL: '''--''' means ignore rest of line * Unix shells: '''#''' means ignore rest of line ~~== Related articles (other string problems) ==~~ * [[Format string attack]] - printf format strings are dangerous [[Buffer overflow]] - Buffer overflows often occurs in unsafe string functions ▲* [[Cross site scripting]] - unsafe output of input strings * [[Directory traversal]] - concatenating strings to create a filename is not a good idea * [[SQL injection]] - concatenating strings to create a SQL statement is not a good idea ▲[[Category:Security exploits]]