Code Injection [CWE-94] — The Hacktivists

1. Description
………………………………

This weakness describes a situation where software uses untrusted input to construct all or part of a code segment and does not neutralize, or incorrectly neutralizes, special characters that might influence the syntax or behavior of that code segment.

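The following PHP fragment passes a request parameter to eval():

$var = "param";
$sInput = $_GET["param"];
// $sInput is interpolated into the string, so its contents are parsed as PHP code
eval("\$var = $sInput;");

A request such as the following causes phpinfo() to be executed:

http://[host]/script.php?param=1;phpinfo();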
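
The hardened counterpart of the fragment above, as an added example that is not part of the original article: request data is validated and assigned directly, or selects one of a fixed set of code paths, and is never handed to eval(). It assumes PHP 8 and that the parameter is meant to carry an integer; `intParam`, `applyAction` and the action names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example: handling "param" without eval(). Function names are hypothetical.

/** Returns the parameter as an int, or null when it is not a decimal integer. */
function intParam(mixed $raw): ?int
{
    // ?param[]=1 turns $_GET["param"] into an array; accept strings only.
    if (!is_string($raw)) {
        return null;
    }
    // Validation fails for anything that is not a decimal integer,
    // including "1;phpinfo();" from the URL shown above.
    $value = filter_var($raw, FILTER_VALIDATE_INT);
    return $value === false ? null : $value;
}

/** Request data selects one of a fixed set of code paths; it is never parsed as code. */
function applyAction(string $action, int $value): ?int
{
    return match ($action) {
        'double' => $value * 2,
        'negate' => -$value,
        default  => null, // unknown action name: reject
    };
}

// Constructed sample inputs standing in for $_GET["param"].
$samples = ['42', '-7', '1;phpinfo();', ['1'], ''];
foreach ($samples as $raw) {
    $value = intParam($raw);
    printf("%-18s %s\n", json_encode($raw), $value === null ? 'rejected' : "accepted as int $value");
}

// Constructed action names standing in for a second request parameter.
foreach (['double', 'negate', 'phpinfo'] as $action) {
    $result = applyAction($action, 21);
    printf("%-18s %s\n", $action, $result === null ? 'rejected' : "result $result");
}
```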

2. Potential impact
………………………………

The maximum impact of this weakness depends on software design and implementation. This weakness may allow an attacker to execute arbitrary code within the application and compromise the vulnerable system.

3. Attack patterns
………………………………

There are the following CAPEC attack patterns that correspond to this weakness:

4. Affected software
………………………………

Any software that evaluates untrusted input or uses it to construct code is potentially vulnerable to this weakness.

5. Exploitation Examples
………………………………

Let’s have a look at the HTB23070 security advisory (CVE-2012-0993).

6. Severity and CVSS Scoring
………………………………

The severity of the vulnerability depends on the language that was used to create the application. If the injection occurs within JavaScript code, the maximum potential impact is cross-site scripting. In the case of reflected XSS, it should be scored as:
6.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N] — Medium severity.
