Reflection injection

From OWASP
Revision as of 03:21, 27 May 2009 by Deleted user


This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



Last revision (mm/dd/yy): 05/27/2009



Description

Reflection injection problems are a subset of injection problems in which external input is used to construct a string value that is passed to class reflection APIs. By manipulating that value, an attacker can cause unexpected classes to be loaded, or change which methods or fields are accessed on an object.

Consequences

  • Access control: Reflection injection allows for the execution of arbitrary code by the attacker.

Exposure period

  • Design: It may be possible to find alternate methods for satisfying functional requirements than using reflection.
  • Implementation: Avoid using external input to generate reflection string values.

Platform

  • Language: Java, .NET, and other languages that support reflection
  • Platform: Any

Required resources

Any

Severity

High

Likelihood of exploit

High


The most straightforward reflection injection attack is to provide the name of an alternate class, already available to the target application, that implements the same interfaces but operates in a less secure manner. This can be used as leverage for more extensive attacks. More complex attacks depend upon the specific deployment situation of the application.

If the classloader being used is capable of remote class fetching, this becomes an extremely serious vulnerability, since attackers could supply arbitrary URLs that point at constructed attack classes. In this case the class does not even need to implement methods that behave like those of the replaced class, since a static initializer, which runs as soon as the class is initialized, could be used to carry out the attack.

If it is necessary to allow reflection utilizing external input, limit the possible values to a predefined list. For example, reflection is commonly used for loading JDBC database connector classes. Most often, the string class name is read from a configuration file. Injection problems can be avoided by embedding a list of strings naming each of the supported database driver classes and requiring the class name read from the file to be in the list before loading.

Risk Factors



Examples

The following Java code dynamically loads a connection class to be used for transferring data:

import java.net.HttpURLConnection;

// connType is a String read from an external source (for example, a request parameter or a config file)
Class<?> connClass = Class.forName(connType);
// Whatever class the caller named is instantiated and used as the connection
HttpURLConnection conn = (HttpURLConnection) connClass.newInstance();
conn.connect();

Suppose this application normally passed "javax.net.ssl.HttpsURLConnection". This would provide an HTTPS connection using SSL to protect the transferred data. If an attacker replaced the connType string with "java.net.HttpURLConnection", then all data transfers performed by this code would happen over an unencrypted HTTP connection instead.
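The following is an added example, not code from the OWASP page, showing the allow-list mitigation described above applied to the connection-loading snippet: the externally supplied name is checked against a fixed list of approved class names before any class loading happens, and the loaded class is additionally checked for the expected type before it is initialized. The class name SafeConnectionFactory and the method names are assumptions for the demonstration.

```java
import java.net.HttpURLConnection;
import java.util.Set;

// Added example (not from the OWASP page): allow-listing a class name before
// it reaches Class.forName. SafeConnectionFactory and the method names are
// assumptions for this demo.
public class SafeConnectionFactory {

    // Only classes a developer or administrator has deliberately approved may be loaded.
    private static final Set<String> ALLOWED_CONNECTION_CLASSES = Set.of(
        "javax.net.ssl.HttpsURLConnection");

    // Vulnerable form: whatever name arrives is loaded, as in the page's snippet.
    static Class<?> loadUnchecked(String connType) throws ClassNotFoundException {
        return Class.forName(connType);
    }

    // Hardened form: reject the name before any class loading happens, so a
    // class chosen by the caller never gets a chance to run its static initializer.
    static Class<?> loadChecked(String connType) throws ClassNotFoundException {
        if (connType == null || !ALLOWED_CONNECTION_CLASSES.contains(connType)) {
            throw new IllegalArgumentException("connection class not permitted: " + connType);
        }
        // initialize=false: even an allow-listed class is not initialized until we
        // have confirmed it has the expected type (defense in depth).
        Class<?> loaded = Class.forName(connType, false,
                SafeConnectionFactory.class.getClassLoader());
        if (!HttpURLConnection.class.isAssignableFrom(loaded)) {
            throw new IllegalArgumentException("not a connection class: " + connType);
        }
        return loaded;
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: the expected value and the downgrade from the page's example.
        String[] inputs = { "javax.net.ssl.HttpsURLConnection", "java.net.HttpURLConnection" };
        for (String connType : inputs) {
            try {
                Class<?> c = loadChecked(connType);
                System.out.println("accepted " + c.getName());
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The same pattern applies to the JDBC driver case: keep the set of permitted driver class names in code, and treat a configuration value outside that set as an error rather than passing it to Class.forName.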

Related Attacks


Related Vulnerabilities

Related Controls

  • Design: It may be possible to find alternate methods for satisfying functional requirements than using reflection.
  • Implementation: Avoid using external input to generate reflection string values.


Related Technical Impacts


References

TBD