Difference between revisions of "Custom Special Character Injection"

From OWASP
Jump to: navigation, search
(Related Threat Agents)
m (Added to Injection subcategory)
 
(9 intermediate revisions by one user not shown)
Line 3: Line 3:
 
<br>
 
<br>
 
[[Category:OWASP ASDR Project]]
 
[[Category:OWASP ASDR Project]]
[[ASDR Table of Contents]]__TOC__
+
 
 +
 
 +
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 +
 
  
 
==Description==
 
==Description==
Line 10: Line 13:
  
 
==Risk Factors==
 
==Risk Factors==
 +
TBD
  
 
==Examples ==
 
==Examples ==
Line 15: Line 19:
 
'''Example1'''
 
'''Example1'''
  
Simple example is an application, which executes almost everything what is passed to it from current terminal by the user without
+
A simple example is an application which executes almost everything which is passed to it from the current terminal by the user without
sanitazing and blocking user input. If application doesn't implement appropriate signals handling we may interrupt or suspend program
+
sanitazing and blocking user input. If the application doesn't implement appropriate signals handling, we may interrupt or suspend program
 
execution by sending respectively ''Ctrl+C (^C)'' or ''Ctrl+Z (^Z)'' combinations. These combinations are sending signals to the application.
 
execution by sending respectively ''Ctrl+C (^C)'' or ''Ctrl+Z (^Z)'' combinations. These combinations are sending signals to the application.
 
In the first case it's ''SIGINT'' and in the second it's ''SIGSTOP'' signal.
 
In the first case it's ''SIGINT'' and in the second it's ''SIGSTOP'' signal.
Line 24: Line 28:
 
The classic example, often used by the IRC warriors/bandits, was disconnecting modem users by sending to them a special sequence of
 
The classic example, often used by the IRC warriors/bandits, was disconnecting modem users by sending to them a special sequence of
 
characters. Sending via any protocol (IP) "''+++ATH0''" sequence caused some modems to interpret this sequence as a disconnect command. So
 
characters. Sending via any protocol (IP) "''+++ATH0''" sequence caused some modems to interpret this sequence as a disconnect command. So
all it had to be done was to send on IRC channel previously mentioned sequence, what in effect forced vulnerable modems to disconnect.
+
all that had to be done was to send the sequence on an IRC channel, which in effect forced vulnerable modems to disconnect.
  
 
==Related [[Threat Agents]]==
 
==Related [[Threat Agents]]==
 
+
* [[Logic/time bomb]]
*[[Logic/time bomb]]
+
  
 
==Related [[Attacks]]==
 
==Related [[Attacks]]==
 
+
* [[Log forging]]
*[[Log forging]]
+
  
 
==Related [[Vulnerabilities]]==
 
==Related [[Vulnerabilities]]==
 
+
TBD
  
 
==Related [[Controls]]==
 
==Related [[Controls]]==
 +
* [[:Category:Input Validation]]
 +
* [[Output Validation]]
 +
* [[Canonicalization]]
  
Assume all input is malicious. Use an appropriate combination of black lists and white lists to ensure only valid and expected input is processed by the system.
+
==References==
 
+
TBD
 
+
==Categories==
+
  
 +
[[Category:Injection]]
 
[[Category:Resource Manipulation]]
 
[[Category:Resource Manipulation]]
 
 
[[Category:Attack]]
 
[[Category:Attack]]

Latest revision as of 18:22, 8 December 2011

This is an Attack. To view all attacks, please see the Attack Category page.




Last revision (mm/dd/yy): 12/8/2011


Description

The software does not properly filter or quote special characters or reserved words that are used in a custom or proprietary language or representation that is used by the product. That allows attackers to modify the syntax, content, or commands before they are processed by the end system.

Risk Factors

TBD

Examples

Example1

A simple example is an application which executes almost everything which is passed to it from the current terminal by the user without sanitazing and blocking user input. If the application doesn't implement appropriate signals handling, we may interrupt or suspend program execution by sending respectively Ctrl+C (^C) or Ctrl+Z (^Z) combinations. These combinations are sending signals to the application. In the first case it's SIGINT and in the second it's SIGSTOP signal.

Example2

The classic example, often used by the IRC warriors/bandits, was disconnecting modem users by sending to them a special sequence of characters. Sending via any protocol (IP) "+++ATH0" sequence caused some modems to interpret this sequence as a disconnect command. So all that had to be done was to send the sequence on an IRC channel, which in effect forced vulnerable modems to disconnect.

Related Threat Agents

Related Attacks

Related Vulnerabilities

TBD

Related Controls

References

TBD