Example - 1

This example loads an external class from a local subdirectory.

new URL("file:subdir/")
URL[] classURLs= new URL[]{};URLClassLoader loader = new URLClassLoader(classURLs);Class loadedClass = Class.forName("loadMe", true, loader);

This code does not ensure that the class loaded is the intended one, for example by verifying the class's checksum. An attacker may be able to modify the class file to execute malicious code.

Example - 2

This code includes an external script to get database credentials, then authenticates a user against the database, allowing access to the application.

// //assume the password is already encrypted, avoiding CWE-312// 

// //dbInfo.php makes $dbhost, $dbuser, $dbpass, $dbname available// 

mysql_close();return true;

mysql_close();return false;include("http://external.example.com/dbInfo.php");mysql_connect($dbhost, $dbuser, $dbpass) or die ('Error connecting to mysql');mysql_select_db($dbname);$query = 'Select * from users where username='.$username.' And password='.$password;$result = mysql_query($query);if(mysql_numrows($result) == 1){}else{}
function authenticate($username,$password){}

This code does not verify that the external domain accessed is the intended one. An attacker may somehow cause the external domain name to resolve to an attack server, which would provide the information for a false database. The attacker may then steal the usernames and encrypted passwords from real user login attempts, or simply allow themself to access the application without a real user account.

This example is also vulnerable to an Adversary-in-the-Middle AITM (CWE-300) attack.