cwe error

最新推荐文章于 2021-12-21 15:34:05 发布
最新推荐文章于 2021-12-21 15:34:05 发布
阅读量402 收藏
点赞数
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/flyheavon/article/details/8453545
版权

转载必须注明,否则生娃。。没那个。

XML Example: Bad Code
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation
defaultLanguage="c#"
debug="true"
/>
...
</system.web>
</configuration>

debug等于true


ASP.NET Example: Bad Code
<customErrors mode="Off" />

ASP.NET Example: Good Code
<customErrors mode="RemoteOnly" />


ASP.NET Misconfiguration: Password in Configuration File

Example 1:
The following connectionString has clear text credentials.
XML Example: Bad Code
<connectionStrings>
<add name="ud_DEV" connectionString="connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;"
providerName="System.

ASP.NET Example: Bad Code
...
<connectionStrings>
<add name="ud_DEV" connectionString="connectDB=uDB; uid=db2admin; pwd=password; dbalias=uDB;"
providerName="System.Data.Odbc" />
</connectionStrings>


Compiler Removal of Code to Clear Buffers, user may able to get the pwd

C Example: Bad Code
void GetData(char *MFAddr) {
char pwd[64];
if (GetPasswordFromUser(pwd, sizeof(pwd))) {
if (ConnectToMainframe(MFAddr, pwd)) {
// Interaction with mainframe
}
}
memset(pwd, 0, sizeof(pwd));
}


The following C code accepts a number as one of its command line parameters and sets it as the
host ID of the current machine.
C Example: Bad Code
...
sethostid(argv[1]);


Java Example: Bad Code
...
conn.setCatalog(request.getParameter("catalog"));

catalog将被欺骗。

未验证输入Improper Input Validation:

public static final double price = 20.00;
int quantity = currentUser.getAttribute("quantity");
double total = price * quantity;
chargeUser(total);



#define MAX_DIM 100
...
/* board dimensions */
int m,n, error;
board_square_t *board;
printf("Please specify the board height: \n");
error = scanf("%d", &m);
if ( EOF == error ){
die("No integer passed: Die evil hacker!\n");
}
printf("Please specify the board width: \n");
error = scanf("%d", &n);
if ( EOF == error ){
die("No integer passed: Die evil hacker!\n");
}
if ( m > MAX_DIM || n > MAX_DIM ) {
die("Value too large: Die evil hacker!\n");
}
board = (board_square_t*) malloc( m * n * sizeof(board_square_t));

未检测负号

PHP Example: Bad Code
$birthday = $_GET['birthday'];
$homepage = $_GET['homepage'];
echo "Birthday: $birthday<br>Homepage: <a href=$homepage>click here</a>"

未检测

C Example: Bad Code
void parse_data(char *untrusted_input){
int m, n, error;
error = sscanf(untrusted_input, "%d:%d", &m, &n);
if ( EOF == error ){
die("Did not specify integer value. Die evil hacker!\n");
}
/* proceed assuming n and m are initialized correctly */
}

输入123:出错输入123:出错


Java Example: Bad Code
private void buildList ( int untrustedListSize ){
if ( 0 > untrustedListSize ){
die("Negative value supplied for list size, die evil hacker!");
}
Widget[] list = new Widget [ untrustedListSize ];
list[0] = new Widget();
}

untrustedListSize 等于0,导致空数组。


Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Java Example: Bad Code
String filename = System.getProperty("com.domain.application.dictionaryFile");
File dictionaryFile = new File(filename);

Java Example: Bad Code
String path = getInputPath();
if (path.startsWith("/safe_dir/"))
{
File f = new File(path);
f.delete()
}
An attacker could provide an input such as this:
Attack
/safe_dir/../important.dat

HTML Example: Good Code
<form action="FileUploadServlet" method="post" enctype="multipart/form-data">
Choose a file to upload:
<input type="file" name="filename"/>
<br/>
<input type="submit" name="submit" value="Submit"/>
</form>


Java Example: Bad Code
public class FileUploadServlet extends HttpServlet {
...
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String contentType = request.getContentType();
// the starting position of the boundary header
int ind = contentType.indexOf("boundary=");
String boundary = contentType.substring(ind+9);
String pLine = new String();
String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value
// verify that content type is multipart form data
if (contentType != null && contentType.indexOf("multipart/form-data") != -1) {
// extract the filename from the Http header
BufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));
...
pLine = br.readLine();
String filename = pLine.substring(pLine.lastIndexOf("\\"), pLine.lastIndexOf("\""));
...
// output the file to the local upload directory
try {
BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));
for (String line; (line=br.readLine())!=null; ) {
if (line.indexOf(boundary) == -1) {
bw.write(line);
bw.newLine();
bw.flush();
}
} //end of for loop
bw.close();
} catch (IOException ex) {...}
// output successful upload response HTML page
}
// output unsuccessful upload response HTML page
else
{...}
}
...
}
This code does not check the filename that is provided in the header, so an attacker can use
"../" sequences to write to files outside of the intended directory.

CWE-59). This includes:
realpath() in C
getCanonicalPath() in Java
GetFullPath() in ASP.NET
realpath() or abs_path() in Perl
realpath() in PHP



Relative Path Traversal

Example 1:
The following URLs are vulnerable to this attack:
Bad Code
http://example.com.br/get-files.jsp?file=report.pdf
http://example.com.br/get-page.php?home=aaa.html
http://example.com.br/some-page.asp?page=index.html
A simple way to execute this attack is like this:
Attack
http://example.com.br/get-files?file=../../../../somedir/somefile
http://example.com.br/../../../../etc/shadow
http://example.com.br/get-files?file=../../../../etc/passwd

Java:

public class FileUploadServlet extends HttpServlet {
...
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String contentType = request.getContentType();
// the starting position of the boundary header
int ind = contentType.indexOf("boundary=");
String boundary = contentType.substring(ind+9);
String pLine = new String();
String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value
// verify that content type is multipart form data
if (contentType != null && contentType.indexOf("multipart/form-data") != -1) {
// extract the filename from the Http header
BufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));
...
pLine = br.readLine();
String filename = pLine.substring(pLine.lastIndexOf("\\"), pLine.lastIndexOf("\""));
...
// output the file to the local upload directory
try {
BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));
for (String line; (line=br.readLine())!=null; ) {
if (line.indexOf(boundary) == -1) {
bw.write(line);
bw.newLine();
bw.flush();
}
} //end of for loop
bw.close();
} catch (IOException ex) {...}
// output successful upload response HTML page
}
// output unsuccessful upload response HTML page
else
{...}
}
...
}

未检测上传文件类型。


Absolute Path Traversal

Java Example: Bad Code
String filename = System.getProperty("com.domain.application.dictionaryFile");
File dictionaryFile = new File(filename);

public class FileUploadServlet extends HttpServlet {
...
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException {
response.setContentType("text/html");
PrintWriter out = response.getWriter();
String contentType = request.getContentType();
// the starting position of the boundary header
int ind = contentType.indexOf("boundary=");
String boundary = contentType.substring(ind+9);
String pLine = new String();
String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value
// verify that content type is multipart form data
if (contentType != null && contentType.indexOf("multipart/form-data") != -1) {
// extract the filename from the Http header
BufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));
...
pLine = br.readLine();
String filename = pLine.substring(pLine.lastIndexOf("\\"), pLine.lastIndexOf("\""));
...
// output the file to the local upload directory
try {
BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));
for (String line; (line=br.readLine())!=null; ) {
if (line.indexOf(boundary) == -1) {
bw.write(line);
bw.newLine();
bw.flush();
}
} //end of for loop
bw.close();
} catch (IOException ex) {...}
// output successful upload response HTML page
}
// output unsuccessful upload response HTML page
else
{...}
}
...
}

As with the previous example this code does not perform a check on the type of the file being
uploaded. This could allow an attacker to upload any executable file or other file with malicious
code.
Additionally, the creation of the BufferedWriter object is subject to relative path traversal (CWE-22,
CWE-23). Depending on the executing environment, the attacker may be able to specify arbitrary
files to write to, leading to a wide variety of consequences, from code execution, XSS (CWE-79), or
system crash.




flyheavon
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Relative Path Traversal
不会写博客
04-28 1153
使用 StopBugs扫描了下代码发现提示“Relative path traversal”这个安全性的 bug ok,打开右下方提示的地址:http://cwe.mitre.org/data/definitions/23.html 看到这里大概就明白了代码这是通过传递相对路径的文件,达到可以查看遍历路径的文件内容,通过这种可以查看到一些配置文件的漏洞。Example 3 还是演示一个 Java Servlet的案例 那么解决方案也很容易处理,直接过滤传参 我这里其实是拼接文件路径的,也基本上确定是.
相对路径遍历Relative Path Traversal
技术随笔
07-24 7703
http://cwe.mitre.org/data/definitions/23.html 这个里面关于这个问题描述的很清楚。 为了防止利用诸如下列网址的攻击 http://example.com.br/get-files?file=report.pdf http://example.com.br/get-files?file=../../../../etc/passwd ...
代码安全_弱点(脆弱性)分析 CWE、漏洞、防御机制
sun0322
03-30 2141
CWE Common Weakness Enumeration ■List ・CWE-117: Improper Output Neutralization for Logs   The software does not neutralize or incorrectly neutralizes output that is written to logs. http://...
path-traversal-servlet:演示目录遍历的简单 Servlet
06-26
路径遍历servlet 演示目录遍历的简单 Servlet 运行应用程序 mvn tomcat7:run 到试试
网络安全风向标
颹蕭蕭
12-21 394
CWE Top 25 https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html RankIDNameScore2020 Rank Change [1]CWE-787Out-of-bounds Write65.93+1 [2]CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')46.84-1 [3]CWE-125Out-
cwe_latest 2021 common weakness enumeration.pdf
03-24
3. CWE-7: J2EE Misconfiguration: Missing Custom Error Page - 如果应用没有自定义错误页面,系统默认的错误信息可能会暴露系统内部细节,帮助攻击者了解系统状态。因此,应配置自定义错误页面,以减少攻击面。 4...
CWE476
03-15
标题"CWE476"指的是Common Weakness Enumeration (CWE)中的第476号漏洞,这是一项关于软件安全的国际标准,用于识别、分类和记录软件中的弱点。CWE476通常被称为"Null Pointer Dereference",即空指针解引用。这个...
CWE List Version 4.12
09-07
CWE(Common Weakness Enumeration)是一种标准化的努力,旨在为软件安全漏洞提供一个通用的、一致的语言,便于识别、分类和讨论这些弱点。CWE Version 4.12是2023年6月29日发布的最新版本,由美国国土安全部国家...
cwe-sdk-[removed]符合MITER CAPEC的通用弱点枚举(CWE)Node.js SDK
05-08
cwe-sdk 符合MITER / CAPEC的通用弱点枚举(CWE)Node.js SDK 安装 yarn add cwe-sdk 用法 需要CweManager类并使用其方法 const { CweManager } = require ( 'cwe-sdk' ) 例子 const { CweManager } = require ( '...
cwe900ssjb.zip
最新发布
02-19
标题 "cwe900ssjb.zip" 暗示我们关注的是一个与网络安全相关的主题,特别是关于CWE-900(严重安全错误类别)的讨论。CWE(Common Weakness Enumeration)是一个广泛认可的漏洞分类系统,用于识别、记录和防止软件中...
CWE学习(一)
qq_44370676的博客
04-28 4466
CWECWE-20: Improper Input Validation示例代码1示例代码2CWE-22: Improper Limitation of a Pathname to a Restricted Directory示例代码1CWE-78: Improper Neutralization of Special Elements used in an OS Command示例代码1CWE-119: Improper Restriction of Operations within the Bound
Java代码审计手册(English)
重新启程
10-14 1万+
Table of Contents Predictable pseudorandom number generator (PREDICTABLE_RANDOM) Predictable pseudorandom number generator (Scala) (PREDICTABLE_RANDOM_SCALA) Untrusted servlet parameter (SERVLET...
路径遍历与文件读取漏洞以及其修复方案
热门推荐
pygain的博客
10-17 3万+
一些网站的业务需求,可能提供文件查看或下载功能,如果对用户查看或下载的文件不做限制,那么用户就能够查看和下载任意2文件,可以使源代码文件、敏感文件等
hive配置遇到的问题( Relative path in absolute URI: ${system:java.io.tmpdir%7D/$%7Bsystem:user.name%7D)
01-16 3万+
遇到的异常详情如下: Exception in thread "main"java.lang.RuntimeException: java.lang.IllegalArgumentException:java.net.URISyntaxException: Relative path in absolute URI:${system:java.io.tmpdir%7D/$%7Bsystem:
HTML相对路径解析(Relative Path)
iCopper_的博客
06-21 1769
原文:https://blog.csdn.net/l18848956739/article/details/53411241
[Java-sec-code学习]path_traversal路径穿越
Y4tacker的博客
06-26 2053
文章目录前言path_traversal@RestController路径穿越修复方法 前言 期末考试周了,学了一天密码学,累死了,我的Java也要开始一点 本文章代码来源于Java-sec-code项目 path_traversal 首先我们在org/joychou/controller/PathTraversal.java路径下面,首先最上方有一个大大的@RestController @RestController 这是在Spring4之后新加入的注解,原来返回json需要@ResponseBody和@
JSP和servlet之间的相对路径和绝对路径
甜咖啡的专栏
10-13 1810
1. JSP页面跳转到Servlet servlet路径跳转 相对路径访问HelloServlet /servlet/HelloServlet">绝对路径访问HelloServlet 访问TestServlet,跳转到test.jsp 2. Servlet跳转到JSP页面 protected void doPost(Htt
pom中relativePath标签
喔易
04-27 3万+
查找顺序:relativePath元素中的地址–本地仓库–远程仓库&lt;relativePath/&gt;设定一个空值将始终从仓库中获取,不从本地路径获取
ref:关于JAVA中一些安全漏洞示例说明及如何规避方法代码示例总结分享
蝉之洞
10-22 1742
ref:http://www.xwood.net/_site_domain_/_root/5870/5874/t_c268166.html 标签:安全,漏洞,健壮,java,SQL注入,SS及CSRF,命令注入,线程安全 发布时间:2017-09-16 一、前言 这边通过工作整理一些常见安全漏洞及解决方法,主要涉及有:框架低版本漏洞、空指针的引用、整数溢出、命令注入、SQL注入、XSS及CSRF、跳转漏洞、HTTP Response Splitting漏洞、路径可控制及代码注入、资源泄露...
KeyError: 'cwe'
07-13
这个错误 `KeyError: 'cwe'` 表示在某个地方试图访问了一个字典中不存在的键 `'cwe'`。这通常意味着你的代码中使用了一个字典,并尝试通过 `'cwe'` 键来获取对应的值,但该键在字典中不存在。 要解决这个错误,你可以检查代码中涉及到 `'cwe'` 键的地方,确保在访问该键之前,该键已经被正确地添加到了字典中。可能的原因包括: 1. 字典中确实没有 `'cwe'` 键。你可以使用 `keys()` 方法检查字典中的所有键,以确认是否存在 `'cwe'` 键。 2. 在访问 `'cwe'` 键之前,字典还没有被正确地初始化或填充。你可以检查代码中字典的初始化和填充过程,确保 `'cwe'` 键已经被正确地添加到了字典中。 3. 代码中可能存在拼写错误或其他误用问题,导致 `'cwe'` 键被错误地引用。仔细检查代码,确保正确地使用了字典键。 通过检查代码并解决以上可能的问题,你应该能够解决这个 `KeyError: 'cwe'` 错误。
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值