CWE-96 Individual Dictionary Definition (Draft 9)

Weakness ID: 96 (Weakness Base)

Status: Draft

Description (Summary): The software allows user-controlled input to be fed directly into an output file that is later processed as code, such as a library file or template.

Weakness Ordinality: Primary (Weakness exists independent of other weaknesses)

Causal Nature: Explicit (This is an explicit weakness resulting from behavior of the developer)

Affected Resource: File/Directory

Potential Mitigations: Assume all input is malicious. Use an appropriate combination of black lists and white lists to filter code syntax from user-controlled input. Avoid writing user-controlled input to code files. Perform output validation to filter all code syntax from data written to non-code files.

Observed Examples:

| Reference | Description |
|---|---|
| CVE-2002-0495 | Perl code directly injected into CGI library file from parameters to another CGI program. |
| CVE-2005-1876 | Direct PHP code injection into supporting template file. |
| CVE-2005-1894 | Direct code injection into PHP script that can be accessed by attacker. |
| CVE-2003-0395 | PHP code from User-Agent HTTP header directly inserted into log file implemented as PHP script. |

Context Notes: "HTML injection" (see XSS) could be thought of as an example of this, but it is executed on the client side, not the server side. Server-Side Includes (SSI) are an example of direct static code injection. This issue is most frequently found in PHP applications that allow users to set configuration variables that are stored within executable php files. Technically, this could also be performed in some compiled code (e.g. by byte-patching an executable), although it is highly unlikely.

Relationships:

Source Taxonomies: PLOVER - Direct Static Code Injection

Applicable Platforms: PHP, Perl, All Interpreted Languages

Related Attack Patterns:

| CAPEC-ID | Attack Pattern Name |
|---|---|
| 35 | Leverage Executable Code in Nonexecutable Files |
| 81 | Web Logs Tampering |
| 63 | Simple Script Injection |
| 18 | Embedding Scripts in Nonscript Elements |
| 73 | User-Controlled Filename |
| 85 | Client Network Footprinting (using AJAX/XSS) |
| 86 | Embedding Script (XSS) in HTTP Headers |
| 77 | Manipulating User-Controlled Variables |
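The Context Notes case (a user-set configuration variable stored in an executable PHP file) next to the "avoid writing user-controlled input to code files" mitigation, as an added example that is not part of the CWE entry. The function names, file names and allow-list values are hypothetical.

```php
<?php
declare(strict_types=1);

// Weak pattern (CWE-96): the value is written into a file that is later
// include()d, so any PHP syntax in $theme becomes part of the program.
function save_theme_weak(string $file, string $theme): void
{
    file_put_contents($file, "<?php\n\$theme = '$theme';\n");
}

// Hardened form: validate against an allow list, then store the value as
// data (JSON) in a file that is parsed, never include()d or eval()ed.
const ALLOWED_THEMES = ['light', 'dark', 'contrast']; // hypothetical values

function save_theme(string $file, string $theme): bool
{
    if (!in_array($theme, ALLOWED_THEMES, true)) {
        return false; // reject instead of trying to strip code syntax
    }
    $json = json_encode(['theme' => $theme], JSON_THROW_ON_ERROR);
    return file_put_contents($file, $json, LOCK_EX) !== false;
}

function load_theme(string $file, string $default = 'light'): string
{
    $raw = @file_get_contents($file);
    if ($raw === false) {
        return $default;
    }
    try {
        $cfg = json_decode($raw, true, 4, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return $default;
    }
    $theme = is_array($cfg) ? ($cfg['theme'] ?? null) : null;
    // Re-validate on read: the file may have been edited out of band.
    return in_array($theme, ALLOWED_THEMES, true) ? $theme : $default;
}

// Constructed input containing quote and statement syntax.
$input = "dark'; echo 'not data'; //";
$dir = sys_get_temp_dir();

save_theme_weak("$dir/theme_weak.php", $input);
echo file_get_contents("$dir/theme_weak.php");    // shows the input inside PHP source

var_dump(save_theme("$dir/theme.json", $input));  // allow-list check on the same input
var_dump(save_theme("$dir/theme.json", 'dark'));  // valid value stored as JSON data
echo load_theme("$dir/theme.json"), PHP_EOL;
```

The weak file is only written and printed here, never included; the hardened path keeps the setting out of any file the interpreter executes.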