CWE-790 特殊元素过滤不恰当
Improper Filtering of Special Elements
结构: Simple
Abstraction: Class
状态: Incomplete
被利用可能性: unkown
基本描述
The software receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 138 cwe_View_ID: 699 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 138 cwe_View_ID: 1000 cwe_Ordinal: Primary
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Integrity | Unexpected State |
示例代码
例
The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.
bad Perl
$Username =~ s/..///;
my $filename = "/home/user/" . $Username;
ReadAndSendFile($filename);
Since the regular expression does not have the /g global match modifier, it only removes the first instance of "../" it comes across. So an input value such as:
attack
will have the first "../" stripped, resulting in:
result
This value is then concatenated with the /home/user/ directory:
result
which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23).
文章来源于互联网:scap中文网
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论