CWE-698 重定向后执行(EAR)

admin
admin
admin
140792
文章
117
评论
2021年12月16日15:52:59评论98 views字数 2403阅读8分0秒阅读模式

CWE-698 重定向后执行(EAR)

Execution After Redirect (EAR)

结构: Simple

Abstraction: Base

状态: Incomplete

被利用可能性: unkown

基本描述

The web application sends a redirect to another location, but instead of exiting, it executes additional code.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 705 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 670 cwe_View_ID: 1000

常见的影响

范围 影响 注释
['Other', 'Confidentiality', 'Integrity', 'Availability'] ['Alter Execution Logic', 'Execute Unauthorized Code or Commands'] This weakness could affect the control flow of the application and allow execution of untrusted code.

检测方法

Black Box

This issue might not be detected if testing is performed using a web browser, because the browser might obey the redirect and move the user to a different page before the application has produced outputs that indicate something is amiss.

示例代码

This code queries a server and displays its status when a request comes from an authorized IP address.

bad PHP

$requestingIP = $_SERVER['REMOTE_ADDR'];
if(!in_array($requestingIP,$ipWhitelist)){

echo "You are not authorized to view this page";
http_redirect($errorPageURL);

}
$status = getServerStatus();
echo $status;
...

This code redirects unauthorized users, but continues to execute code after calling http_redirect(). This means even unauthorized users may be able to access the contents of the page or perform a DoS attack on the server being queried. Also, note that this code is vulnerable to an IP address spoofing attack (CWE-212).

分析过的案例

标识 说明 链接
CVE-2013-1402 Execution-after-redirect allows access to application configuration details. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1402
CVE-2009-1936 chain: library file sends a redirect if it is directly requested but continues to execute, allowing remote file inclusion and path traversal. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1936
CVE-2007-2713 Remote attackers can obtain access to administrator functionality through EAR. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2713
CVE-2007-4932 Remote attackers can obtain access to administrator functionality through EAR. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4932
CVE-2007-5578 Bypass of authentication step through EAR. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5578
CVE-2007-2713 Chain: Execution after redirect triggers eval injection. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2713
CVE-2007-6652 chain: execution after redirect allows non-administrator to perform static code injection. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6652

引用

文章来源于互联网:scap中文网

免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年12月16日15:52:59
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   CWE-698 重定向后执行(EAR)https://cn-sec.com/archives/613194.html
                  免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉.

发表评论

匿名网友 填写信息