CWE-181: Incorrect Behavior Order: Validate Before Filter

Description

The product validates data before it has been filtered, which prevents the product from detecting data that becomes invalid after the filtering step.

Submission Date: 2006-07-19

Modification Date: 2023-06-29

Organization: MITRE

Extended Description

This can be used by an attacker to bypass the validation and launch attacks that expose weaknesses that would otherwise be prevented, such as injection.

Example Vulnerable Codes

Example - 1

This script creates a subdirectory within a user directory and sets the user as the owner.



    function createDir($userName, $dirName) {
        $userDir = '/users/' . $userName;

        // validation happens first ...
        if (strpos($dirName, '..') !== false) {
            echo 'Directory name contains invalid sequence';
            return;
        }

        // ... and filtering second: strip '~' because other scripts
        // identify user directories by this prefix
        $dirName = str_replace('~', '', $dirName);

        $newDir = $userDir . $dirName;
        mkdir($newDir, 0700);
        chown($newDir, $userName);
    }

While the script attempts to screen for '..' sequences, it does so before the '~' characters are stripped. An attacker can therefore submit a directory path containing ".~." (for example "/.~./.~./etc"), which passes the check and only becomes ".." (here "/../../etc") after the filtering step. This allows a Path Traversal (CWE-21) attack to occur.
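To make the ordering concrete, here is an added example (not MITRE's code, and in Python rather than the page's PHP) that computes the target path both ways: the vulnerable validate-then-filter order from the script above, and a corrected filter-then-validate order that also canonicalizes the result and checks it stays inside the user's directory. It only computes paths and never calls mkdir; the "/users" root and the user name are assumptions taken from the page's example.

```python
import posixpath

# Assumed layout, mirroring the page's example: every user owns /users/<name>.
USERS_ROOT = "/users"


def user_dir(user_name: str) -> str:
    return posixpath.join(USERS_ROOT, user_name)


def vulnerable_target(user_name: str, dir_name: str):
    """Same order as the page's script: validate first, then filter.

    Returns the path the script would pass to mkdir, or None if the
    (premature) validation rejected the input.
    """
    if ".." in dir_name:          # validation ...
        return None
    dir_name = dir_name.replace("~", "")   # ... then filtering (too late)
    return user_dir(user_name) + dir_name  # plain concatenation, as in the page


def fixed_target(user_name: str, dir_name: str):
    """Filter first, validate the *final* form, then check containment.

    Returns the canonical path to create, or None if the request is rejected.
    """
    # 1. Apply every transformation the data will undergo.
    filtered = dir_name.replace("~", "")

    # 2. Validate what actually reaches the filesystem call, not the raw input.
    if ".." in filtered or "\x00" in filtered:
        return None

    # 3. Defence in depth: canonicalize and require the result to stay
    #    under the user's directory, so ordering mistakes cannot escape it.
    base = user_dir(user_name)
    candidate = posixpath.normpath(posixpath.join(base, filtered.lstrip("/")))
    if candidate != base and not candidate.startswith(base + "/"):
        return None
    return candidate


def resolved(path: str) -> str:
    """Where a path ends up once '..' components are collapsed."""
    return posixpath.normpath(path)


if __name__ == "__main__":
    # Constructed attacker input: '..' only appears after '~' is stripped.
    evil = "/.~./.~./etc/passwd"
    print("vulnerable:", vulnerable_target("alice", evil),
          "->", resolved(vulnerable_target("alice", evil)))
    print("fixed:     ", fixed_target("alice", evil))
    print("benign:    ", fixed_target("alice", "/projects/2024"))
```

Run as a script it shows the vulnerable order handing "/users/alice/../../etc/passwd" (which resolves to "/etc/passwd") to mkdir, while the corrected order rejects the same input and still accepts an ordinary subdirectory name. The general rule is the one this CWE states: validate the value in the exact form that will be used, after every filtering, decoding or normalization step has been applied.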

Related Weaknesses

This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give insight into similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.