CWE-564 SQL注入:Hibernate

admin 2021年12月4日16:21:49CWE(弱点枚举)评论20 views2078字阅读6分55秒阅读模式

CWE-564 SQL注入:Hibernate

SQL Injection: Hibernate

结构: Simple

Abstraction: Variant

状态: Incomplete

被利用可能性: unkown

基本描述

Using Hibernate to execute a dynamic SQL statement built with user-controlled input can allow an attacker to modify the statement's meaning or to execute arbitrary SQL commands.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 89 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 89 cwe_View_ID: 699 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 89 cwe_View_ID: 928 cwe_Ordinal: Primary

常见的影响

范围 影响 注释
['Confidentiality', 'Integrity'] ['Read Application Data', 'Modify Application Data']

可能的缓解方案

Requirements

策略:

A non-SQL style database which is not subject to this flaw may be chosen.

Architecture and Design

策略:

Follow the principle of least privilege when creating user accounts to a SQL database. Users should only have the minimum privileges necessary to use their account. If the requirements of the system indicate that a user can read and modify their own data, then limit their privileges so they cannot read/write others' data.

MIT-15 Architecture and Design

策略:

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.

Implementation

策略:

Implement SQL strings using prepared statements that bind variables. Prepared statements that do not bind variables can be vulnerable to attack.

Implementation

策略:

Use vigorous whitelist style checking on any user input that may be used in a SQL command. Rather than escape meta-characters, it is safest to disallow them entirely. Reason: Later use of data that have been entered in the database may neglect to escape meta-characters before use. Narrowly define the set of safe characters based on the expected value of the parameter in the request.

示例代码

The following code excerpt uses Hibernate's HQL syntax to build a dynamic query that's vulnerable to SQL injection.

bad Java

String street = getStreetFromUser();
Query query = session.createQuery("from Address a where a.street='" + street + "'");

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
Software Fault Patterns SFP24 Tainted input to command

相关攻击模式

  • CAPEC-109

文章来源于互联网:scap中文网

特别标注: 本站(CN-SEC.COM)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
  • 我的微信
  • 微信扫一扫
  • weinxin
  • 我的微信公众号
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年12月4日16:21:49
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                  CWE-564 SQL注入:Hibernate http://cn-sec.com/archives/613389.html

发表评论

匿名网友 填写信息

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: