ivyhan-se / mini-tribble


CWE 352 #3

Closed pandyex closed 2 years ago

pandyex commented 2 years ago

CWE-352

pandyex commented 2 years ago

CWE_352

pandyex commented 2 years ago

CSRF

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: Cross-site request forgery (Detected by phrase)

Matched on "CSRF"

What is this? (2min video)

Session-related but not session-based, this attack is based on the ability of an attacker to force an action on a user’s browser (commonly in the form of a POST request) to perform an unauthorized action on behalf of the user. This can often occur without the user even noticing it… or only noticing when it is too late. The root cause is that browsers automatically send session cookies with all requests to a given domain, regardless of where the source of the request came from, and the application server cannot differentiate between a request that came from pages it served or a request that came from an unrelated page.

Try this challenge in Secure Code Warrior
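The root cause described in the bot's note (the cookie rides along with any request to the domain) is usually mitigated with a synchronizer token that a third-party page cannot read. The following is an added illustration, not code from the mini-tribble repository; it uses a constructed in-memory session store in place of a real framework session and simulates both the legitimate and the cross-site form submission in plain Python.

```python
import hmac
import secrets

# Constructed in-memory session store standing in for the app's real session backend
# (assumption: session_id -> dict; a real app would use its framework's session object).
SESSIONS = {}

def new_session(user: str) -> str:
    """Create a session and bind a fresh, unguessable CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid

def render_form(sid: str) -> str:
    """A page served by this origin embeds the token; a page on another origin cannot read it."""
    token = SESSIONS[sid]["csrf_token"]
    return (f'<form method="post" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            f'<input name="amount"></form>')

def handle_transfer(cookies: dict, form: dict) -> tuple:
    """Server side of POST /transfer: the session cookie alone is not enough."""
    session = SESSIONS.get(cookies.get("session", ""))
    if session is None:
        return 401, "no valid session"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so a wrong token cannot be distinguished byte by byte.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403, "CSRF token missing or invalid"
    return 200, f"transfer of {form.get('amount')} done for {session['user']}"

def demo() -> tuple:
    sid = new_session("alice")
    cookies = {"session": sid}  # the browser attaches this to every request to the domain
    # Legitimate flow: the form our server rendered carries the token back.
    token = render_form(sid).split('value="')[1].split('"')[0]
    legit = handle_transfer(cookies, {"csrf_token": token, "amount": "100"})
    # Cross-site flow: a form on an unrelated page submits to /transfer; the cookie rides
    # along automatically, but the token is absent because that page never saw it.
    forged = handle_transfer(cookies, {"amount": "100"})
    return legit, forged

if __name__ == "__main__":
    print(demo())
```

The token check is the primary control; setting the session cookie with `SameSite=Lax` or `Strict` is a second, independent layer, since it stops the browser from attaching the cookie to cross-site POSTs in the first place.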

pandyex commented 2 years ago

CSRF

pandyex commented 2 years ago

XXE

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: External entity injection (Detected by phrase)

Matched on "XXE"

What is this? (2min video)

An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

Try this challenge in Secure Code Warrior
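Entities, internal or external, can only be declared inside a DOCTYPE, so the simplest hardening of the "weakly configured XML parser" the bot describes is to refuse any DTD in untrusted input and, as defence in depth, to refuse external entity resolution. The following is an added example written for this thread, not code from the repository; it uses the standard-library expat bindings directly and builds a small dict tree from constructed sample documents.

```python
import xml.parsers.expat

class DtdRejected(ValueError):
    """Raised when untrusted XML declares a DTD (the only place entities can be defined)."""

def parse_untrusted_xml(data: bytes) -> dict:
    """Parse XML into nested dicts {tag, attrs, text, children} while refusing any DTD."""
    parser = xml.parsers.expat.ParserCreate()
    parser.buffer_text = True
    stack = [{"tag": None, "attrs": {}, "text": "", "children": []}]

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Abort before any entity declaration is even read.
        raise DtdRejected(f"DOCTYPE '{name}' not allowed in untrusted input")

    def refuse_external(context, base, system_id, public_id):
        # Defence in depth: never fetch external content; expat treats 0 as failure.
        return 0

    def on_start(tag, attrs):
        node = {"tag": tag, "attrs": attrs, "text": "", "children": []}
        stack[-1]["children"].append(node)
        stack.append(node)

    def on_end(tag):
        stack.pop()

    def on_text(text):
        stack[-1]["text"] += text

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = refuse_external
    parser.StartElementHandler = on_start
    parser.EndElementHandler = on_end
    parser.CharacterDataHandler = on_text
    parser.Parse(data, True)
    return stack[0]["children"][0]

def is_acceptable(data: bytes) -> bool:
    """True if the document parses under the hardened rules, False if it was rejected."""
    try:
        parse_untrusted_xml(data)
        return True
    except (DtdRejected, xml.parsers.expat.ExpatError):
        return False

# Constructed samples: a benign document and one carrying a DTD with an external entity.
BENIGN = b'<order id="7"><item>widget</item></order>'
WITH_DTD = (b'<!DOCTYPE foo [<!ENTITY ext SYSTEM "file:///constructed/example">]>'
            b'<foo>&ext;</foo>')

if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN))
    print("benign accepted:", is_acceptable(BENIGN), "| dtd accepted:", is_acceptable(WITH_DTD))
```

Rejecting the DOCTYPE outright is the setting to reach for when the application never legitimately needs a DTD; it also removes entity-expansion denial of service, not just external fetches.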

pandyex commented 2 years ago

CWE 112

pandyex commented 2 years ago

injection

pandyex commented 2 years ago

code injection

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: Code injection (Detected by phrase)

Matched on "code injection"

What is this? (2min video)

Code injection happens when an application insecurely accepts input that is subsequently used in a dynamic code evaluation call. If insufficient validation or sanitisation is performed on the input, specially crafted inputs may be able to alter the syntax of the evaluated code and thus alter execution. In a worst case scenario, an attacker could run arbitrary code in the server context and thus perform almost any action on the application server.

Try this challenge in Secure Code Warrior
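The "dynamic code evaluation call" in the bot's note is typically an `eval()` of user input. Below, as an added example that is not part of the repository, the vulnerable calculator sits beside a hardened one that parses the input to an AST and interprets only an allow-list of arithmetic nodes, so input that changes the syntax (a call, a name, an attribute lookup) is rejected instead of executed; the exponent bound is an assumption chosen to keep a short expression from allocating a huge integer.

```python
import ast
import operator

# Arithmetic the calculator is allowed to perform (assumption: that is all the feature needs).
_BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul,
           ast.Div: operator.truediv, ast.Mod: operator.mod, ast.Pow: operator.pow}
_UNARYOPS = {ast.USub: operator.neg, ast.UAdd: operator.pos}
_MAX_EXPONENT = 64  # assumption: bounds memory use of a** b for untrusted b

def calculate_unsafe(expr: str):
    """Vulnerable form: the input string becomes code, so anything Python can
    express (calls, imports, attribute access) is executed in the server process."""
    return eval(expr)

def calculate_safe(expr: str):
    """Hardened form: parse to an AST and interpret only allow-listed node types."""
    tree = ast.parse(expr, mode="eval")

    def walk(node):
        if isinstance(node, ast.Expression):
            return walk(node.body)
        if isinstance(node, ast.Constant) and type(node.value) in (int, float):
            return node.value
        if isinstance(node, ast.UnaryOp) and type(node.op) in _UNARYOPS:
            return _UNARYOPS[type(node.op)](walk(node.operand))
        if isinstance(node, ast.BinOp) and type(node.op) in _BINOPS:
            left, right = walk(node.left), walk(node.right)
            if isinstance(node.op, ast.Pow) and abs(right) > _MAX_EXPONENT:
                raise ValueError("exponent too large")
            return _BINOPS[type(node.op)](left, right)
        # Names, calls, attributes, strings, comprehensions: all end up here.
        raise ValueError(f"disallowed syntax: {type(node).__name__}")

    return walk(tree)

def rejects(expr: str) -> bool:
    """True if the hardened evaluator refuses the expression."""
    try:
        calculate_safe(expr)
        return False
    except (ValueError, SyntaxError):
        return True

if __name__ == "__main__":
    print(calculate_safe("2 + 3 * 4"), rejects("len('abc')"), calculate_unsafe("len('abc')"))
```

The unsafe version happily evaluates `len('abc')`, which is already a function call that the calculator never intended to offer; the allow-list version refuses it before anything runs.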

pandyex commented 2 years ago

CWE 89

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE 89)

Matched on "CWE 89"

What is this? (2min video)

The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.

Try this challenge in Secure Code Warrior

pandyex commented 2 years ago

SQL Injection

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: SQL injection (Detected by phrase)

Matched on "SQL Injection"

What is this? (2min video)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

Try this challenge in Secure Code Warrior
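Both bot notes above (CWE 89 and the SQL injection phrase match) come down to the same defect: input is spliced into the statement text instead of being bound as a parameter. The added example below is not code from the repository; it uses an in-memory SQLite database with constructed rows and shows the string-built query breaking on a perfectly ordinary name containing an apostrophe, while the parameterized query returns the right row. The allow-listed `ORDER BY` shows how to handle the one thing a bound parameter cannot express, an identifier.

```python
import sqlite3

# Column names a caller may sort by (assumption: identifiers cannot be bound as parameters,
# so they are allow-listed instead).
SORTABLE = {"name", "role"}

def make_db() -> sqlite3.Connection:
    """Constructed in-memory database with two users, one of whom has a quote in the name."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("o'brien", "user")])
    return conn

def lookup_unsafe(conn, name: str) -> list:
    """Vulnerable: the value becomes part of the SQL text, so a quote in it changes the syntax."""
    sql = f"SELECT role FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]

def lookup_safe(conn, name: str, order_by: str = "name") -> list:
    """Hardened: the value is bound, never parsed as SQL; the identifier is allow-listed."""
    if order_by not in SORTABLE:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    sql = f"SELECT role FROM users WHERE name = ? ORDER BY {order_by}"
    return [row[0] for row in conn.execute(sql, (name,))]

def compare(name: str) -> tuple:
    """Run both lookups on the same input; the unsafe one reports its error as a string."""
    conn = make_db()
    try:
        unsafe = lookup_unsafe(conn, name)
    except sqlite3.Error as exc:
        unsafe = f"error: {exc}"
    return unsafe, lookup_safe(conn, name)

if __name__ == "__main__":
    print(compare("alice"))
    print(compare("o'brien"))
```

The error the unsafe path produces on `o'brien` is the same mechanism the bot describes ("alter the intended SQL command"), observed on harmless input; the fix is the same whichever input arrives.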

pandyex commented 2 years ago

CWE 89

ivyhan-se commented 2 years ago

CWE-352

ivyhan-se commented 2 years ago

CWE 494

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: Download of Code Without Integrity Check (CWE 494)

Matched on "CWE 494"

What is this? (2min video)

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

Try this challenge in Secure Code Warrior
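The fix for CWE 494 is an ordering rule: verify the artifact against a digest obtained through a trusted channel, then run it, never the reverse. The following is an added example, not code from the repository; the "downloaded" plugin is a constructed byte string standing in for an HTTP fetch, and the pinned digest is assumed to come from somewhere the attacker of the download path cannot change (committed to the repo, shipped with the installer, or a signed manifest).

```python
import hashlib
import hmac

class IntegrityError(Exception):
    """Raised when a downloaded artifact does not match its pinned digest."""

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify_artifact(data: bytes, pinned_sha256: str) -> bool:
    """Compare the digest of what was downloaded against a digest obtained out of band."""
    return hmac.compare_digest(sha256_hex(data), pinned_sha256.lower())

def run_verified_plugin(data: bytes, pinned_sha256: str):
    """Execute the plugin only after its digest matches; a mismatch never reaches exec()."""
    if not verify_artifact(data, pinned_sha256):
        raise IntegrityError("downloaded plugin does not match pinned digest; refusing to run")
    namespace = {}
    exec(data.decode("utf-8"), namespace)  # constructed plugin exposes plugin_entry()
    return namespace["plugin_entry"]()

def is_rejected(data: bytes, pinned_sha256: str) -> bool:
    """True if the loader refuses to run the artifact."""
    try:
        run_verified_plugin(data, pinned_sha256)
        return False
    except IntegrityError:
        return True

# Constructed stand-in for a downloaded file (assumption: a real system fetches this over
# the network, and the pin is stored separately from the download location).
PLUGIN_SOURCE = b"def plugin_entry():\n    return 'plugin ran'\n"

if __name__ == "__main__":
    pin = sha256_hex(PLUGIN_SOURCE)  # in practice read from the trusted manifest
    print(run_verified_plugin(PLUGIN_SOURCE, pin))
    print("tampered copy rejected:", is_rejected(PLUGIN_SOURCE + b"# extra\n", pin))
```

A digest pin only proves the bytes are the ones the pin was computed over; if the pin itself is fetched from the same server as the artifact, both can be replaced together, which is why the example treats the pin as out-of-band input.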

ivyhan-se commented 2 years ago

cwe 352

ivyhan-se commented 2 years ago

cwe 494

ivyhan-se commented 2 years ago

cwe 863

ivyhan-se commented 2 years ago

CWE 863