

In the first variant, the application intends to run a single, fixed program of its own and to use externally-supplied inputs as arguments to that program. For example, the program might use system("nslookup [HOSTNAME]") to run nslookup and allow the user to supply a HOSTNAME, which is used as an argument. Attackers cannot prevent nslookup from executing. However, if the program does not remove command separators from the HOSTNAME argument, attackers could place the separators into the arguments, which allows them to execute their own program after nslookup has finished executing.

In the second variant, the application accepts an input that it uses to fully select which program to run, as well as which commands to use. The application simply redirects this entire command to the operating system. For example, the program might use "exec()" to execute the COMMAND that was supplied by the user. If the COMMAND is under attacker control, then the attacker can execute arbitrary commands or programs. If the command is being executed using functions like exec() and CreateProcess(), the attacker might not be able to combine multiple commands together in the same line.

From a weakness standpoint, these variants represent distinct programmer errors. In the first variant, the programmer clearly intends that input from untrusted parties will be part of the arguments in the command to be executed. In the second variant, the programmer does not intend for the command to be accessible to any untrusted party, but the programmer probably has not accounted for alternate ways in which malicious attackers can provide input.

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.

Class: Improper Neutralization of Special Elements used in a Command ('Command Injection'). A Class is a weakness that is described in a very abstract fashion, typically independent of any specific language or technology; it is more specific than a Pillar Weakness, but more general than a Base Weakness. Class level weaknesses typically describe issues in terms of 1 or 2 of the following dimensions: behavior, property, and resource.

Base: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection'). A Base is a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource.

The following code passes a coordinate string to a command-line utility through cmd.exe and then processes the result:

    ...
    // latlonCoords: the coordinates input parameter, used here without validation
    Runtime rt = Runtime.getRuntime();
    Process exec = rt.exec("cmd.exe /C latlon2utm.exe -" + latlonCoords);
    // process results of coordinate transform
    ...

However, the method does not verify that the contents of the coordinates input parameter include only correctly-formatted latitude and longitude coordinates. If the input coordinates were not validated prior to the call to this method, a malicious user could execute another program local to the application server by appending '&' followed by the command for another program to the end of the coordinate string. The '&' instructs the Windows operating system to execute another program.

The following code is from an administrative web application designed to allow users to kick off a backup of an Oracle database using a batch-file wrapper around the rman utility and then run a cleanup.bat script to delete some temporary files.
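The latlon2utm and nslookup cases described above, reworked as an added example that is not the CWE entry's own code: each input is checked against an allow-list pattern before use, and the program is started with an argument vector rather than through cmd.exe /C, so no command interpreter ever parses the user-supplied value. The coordinate format, the hostname rules and the class and method names are assumptions.

```java
import java.io.IOException;
import java.util.List;
import java.util.regex.Pattern;

// Added example, not the CWE entry's code. Inputs are allow-listed and the
// target program is started with an argument vector, so no command
// interpreter ever sees '&' or other separators in the user-supplied value.
public class SafeExec {
    // Assumption: a coordinate pair is "lat,lon" in decimal degrees, nothing else.
    private static final Pattern LATLON = Pattern.compile(
        "-?(?:90(?:\\.0+)?|[1-8]?\\d(?:\\.\\d{1,6})?),"
      + "-?(?:180(?:\\.0+)?|1[0-7]\\d(?:\\.\\d{1,6})?|\\d{1,2}(?:\\.\\d{1,6})?)");
    // Assumption: a hostname is dot-separated letter/digit/hyphen labels, 253 chars max.
    private static final Pattern HOSTNAME = Pattern.compile(
        "(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\\.)*[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?");

    private static String require(Pattern allowed, String value, String what) {
        if (value == null || !allowed.matcher(value).matches()) {
            throw new IllegalArgumentException(what + " rejected: " + value);
        }
        return value;
    }

    // Argument vector for the page's latlon2utm.exe; the "-" prefix mirrors the original string.
    static List<String> transformCommand(String latlonCoords) {
        return List.of("latlon2utm.exe", "-" + require(LATLON, latlonCoords, "coordinates"));
    }

    // Argument vector for the page's nslookup case (first variant).
    static List<String> lookupCommand(String hostname) {
        return List.of("nslookup", require(HOSTNAME, hostname, "hostname"));
    }

    // ProcessBuilder passes each element as one argument: no cmd.exe /C, no shell parsing.
    static Process start(List<String> argv) throws IOException {
        return new ProcessBuilder(argv).start();
    }

    public static void main(String[] args) {
        for (String c : List.of("37.7749,-122.4194", "37.7749,-122.4194 & other.exe", "91.0,0.0")) {
            try { System.out.println("ok " + transformCommand(c)); }
            catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
        }
        for (String h : List.of("example.com", "example.com & other.exe", "a..b")) {
            try { System.out.println("ok " + lookupCommand(h)); }
            catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
        }
    }
}
```

The allow-list check stays necessary even with an argument vector: it keeps '&' away from cmd.exe, but it does not stop the invoked program from interpreting a crafted argument of its own, which is the Argument Injection weakness named above.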
