CWE-96: Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Description
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template.
Submission Date: July 19, 2006, midnight
Modification Date: 2023-06-29 00:00:00+00:00
Organization: MITRE
Example - 1
This example attempts to write user messages to a message file and allow users to view them.

    $MessageFile = "messages.out";
    if ($_GET["action"] == "NewMessage") {
        $name = $_GET["name"];
        $message = $_GET["message"];
        $handle = fopen($MessageFile, "a+");
        // User input is written into the file without neutralizing code syntax.
        fwrite($handle, "<b>$name</b> says '$message'<hr>\n");
        fclose($handle);
        echo "Message Saved!<p>\n";
    }
    else if ($_GET["action"] == "ViewMessages") {
        // include() parses the file as PHP, so any code stored in it is executed.
        include($MessageFile);
    }

While the programmer intends for the MessageFile to only include data, an attacker can provide a message such as:

    name=h4x0r
    message=%3C?php%20system(%22/bin/ls%20-l%22);?%3E

which will decode to the following:

    <?php system("/bin/ls -l");?>

The programmer thought they were just including the contents of a regular data file, but PHP parsed it and executed the code. Now, this code is executed any time people view messages. Notice that XSS (CWE-79) is also possible in this situation.
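A hardened variant of the message board above, as an added example that is not part of the CWE entry: messages are stored as JSON records, read back as data with file() instead of include(), and HTML-encoded on output. The helper names param and h, the length limits, and the file location are assumptions made for illustration.

```php
<?php
// Added example: hardened variant of the message board in Example 1.
// Assumption: messages.out sits beside this script; outside the web root is preferable.
$MessageFile = __DIR__ . "/messages.out";

// Accept only non-empty string parameters (rejects name[]=... arrays) up to a length limit.
function param(string $key, int $maxLen = 500): ?string {
    $v = $_GET[$key] ?? null;
    return (is_string($v) && $v !== "" && strlen($v) <= $maxLen) ? $v : null;
}

// HTML-encode on output so stored text cannot become markup (CWE-79).
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
}

$action = param("action", 32);

if ($action === "NewMessage") {
    $name = param("name", 64);
    $message = param("message");
    if ($name === null || $message === null) {
        http_response_code(400);
        exit("Invalid name or message\n");
    }
    // One JSON record per line. json_encode escapes newlines, and JSON_HEX_TAG stores
    // "<" and ">" as \u003C / \u003E, so the file never contains a PHP open tag.
    $record = json_encode(["name" => $name, "message" => $message], JSON_HEX_TAG);
    if ($record === false) { // for example, invalid UTF-8 in the input
        http_response_code(400);
        exit("Invalid encoding\n");
    }
    file_put_contents($MessageFile, $record . "\n", FILE_APPEND | LOCK_EX);
    echo "Message Saved!<p>\n";
} elseif ($action === "ViewMessages") {
    // Read the file as data. It is never passed to include, require or eval,
    // so a stored message is only ever treated as text.
    $lines = is_readable($MessageFile) ? file($MessageFile, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) : [];
    foreach ($lines as $line) {
        $rec = json_decode($line, true);
        if (!is_array($rec) || !is_string($rec["name"] ?? null) || !is_string($rec["message"] ?? null)) {
            continue; // skip corrupt records
        }
        echo "<b>" . h($rec["name"]) . "</b> says '" . h($rec["message"]) . "'<hr>\n";
    }
}
```

With the payload from Example 1, the viewer renders the literal text of the message in the browser and nothing is executed on the server.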
Related Weaknesses
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.
Visit http://cwe.mitre.org/ for more details.