结构: Simple
Abstraction: Base
状态: Incomplete
被利用可能性: unkown
The software receives data from an upstream component, but only accounts for special elements at a specified location, thereby missing remaining special elements that may exist before sending it to a downstream component.
A filter might only account for instances of special elements when they occur:
This may leave special elements in the data that did not match the filter position, but still may be dangerous.
cwe_Nature: ChildOf cwe_CWE_ID: 791 cwe_View_ID: 699 cwe_Ordinal: Primary
cwe_Nature: ChildOf cwe_CWE_ID: 791 cwe_View_ID: 1000 cwe_Ordinal: Primary
范围 | 影响 | 注释 |
---|---|---|
Integrity | Unexpected State |
The following code takes untrusted input and uses a regular expression to filter a "../" element located at the beginning of the input string. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.
bad Perl
Since the regular expression is only looking for an instance of "../" at the beginning of the string, it only removes the first "../" element. So an input value such as:
attack
will have the first "../" stripped, resulting in:
result
This value is then concatenated with the /home/user/ directory:
result
which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-22).