|
A '''stringImproper exploitinput validation'''<ref>{{cite is aweb |work=[[securityCommon exploitWeakness Enumeration]] involving|publisher=[[MITRE]] |title=CWE-20: Improper Input Validation |url=http://cwe.mitre.org/data/definitions/20.html |date=December 13, 2010 |accessdate=February 22, 2011}}</ref> or '''unchecked user input''' is a handlingtype of [[Stringvulnerability (computer sciencecomputing)|stringvulnerability]] data in [[computer software]] that may be used for [[security exploit]]s.<ref name=hacking>{{cite book|title=Hacking: the art of exploitation|series=No Starch Press Series|publisher=Safari Books Online|first=Jon|last=Erickson|Edition=2, illustrated|year=2008|ISBN= 9781593271442}}</ref><ref>
{{cite web
| url = http://www.derkeiler.com/pdf/Mailing-Lists/securityfocus/pen-test/2003-02/0152.pdf
| title = SecurityFocus penetration: The Building of an exploit string
| date = February 27, 2003
| publisher = derkeiler.com
| accessdate = February 22, 2011
}}
</ref><ref>
{{cite web
| url = http://security.ece.cmu.edu/aeg/aeg-current.pdf
| title = AEG: Automatic Exploit Generation
| author = Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, and David Brumley
| date = 2010
| ___location = Pittsburgh
| publisher = ece.cmu.edu
| quote = The exploit string can be directly fed into the vulnerable application...
| accessdate = February 22, 2011
}}
</ref>
Examples include:
* Unchecked user input or Improper input validation<ref>{{cite web |work=[[Common Weakness Enumeration]] |publisher=[[MITRE]] |title=CWE-20: Improper Input Validation |date=December 13, 2010 |accessdate=February 22, 2011}}</ref>
* [[Format string attack]]
* [[Buffer overflow]]
== References ==
{{reflist}}
{{software stub}}
{{DEFAULTSORT:String Exploits}}
| 