Corina Aionioaie
25.11.2014
Agenda
1. What is it?
2. Types
3. What does it lead to?
4. Where can you find it?
5. Attacks and Reports
6. Bibliography
What is it?
Types
protocol errors
  missing or improper output encoding or escaping
  outputting of invalid data
application errors (includes logic errors)
  outputting incorrect data
  passing on malicious content unfiltered
data consumer related errors
  indistinguishability between legitimate/illegitimate content
  no workaround for known vulnerabilities in data consumer
Improper Output Handling
Content Spoofing
URL Redirector
Cross-Site Scripting
XML Injection
XQuery Injection
XPath Injection
LDAP Injection
OS Commanding
Null Injection
Routing Detour
SQL Injection
operating system
Notable attacks: XML Injection, SOAP Array Abuse, XML External Entities,
XML Entity Expansion, and XML Attribute Blowup
Improper Output Handling
Applications must ensure that SQL queries based upon user-influenced
data will not allow the data to be interpreted as instructions to the
database.
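sub doit {
    # The value is encoded once, then reused in two different output contexts.
    my $uname = encode(GetUntrustedInput("username"));
    # Context 1: HTML sent to the browser.
    print "<b>Welcome, $uname!</b><p>\n";
    # Context 2: a command line parsed by the OS shell.
    system("cd /home/$uname; /bin/ls -l");
}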
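The same untrusted username handled separately for each data consumer (HTML, OS command, SQL query), as an added Python example that is not part of the original slides. The function names, the username allow-list, the `users` table and the sample value are assumptions made for illustration.

```python
import html
import re
import sqlite3

# Constructed sample value: contains characters special to HTML, a shell and SQL.
SAMPLE = "bob;'<b>"

# Assumed username policy for this example (an allow-list, not a deny-list).
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")
SHELL_META = ";&|`$()<>"

def render_welcome(uname):
    """HTML consumer: entity-encode the value at the point of output."""
    return "<b>Welcome, {}!</b><p>\n".format(html.escape(uname, quote=True))

def shell_meta_after_html_encoding(uname):
    """Shell metacharacters still present after HTML encoding."""
    encoded = html.escape(uname, quote=True)
    return [c for c in SHELL_META if c in encoded]

def listing_argv(uname):
    """OS consumer: validate, then build an argument vector so no shell parses the value."""
    if not USERNAME_RE.fullmatch(uname):
        raise ValueError("username rejected by allow-list")
    return ["/bin/ls", "-l", "--", "/home/" + uname]

def find_user(db, uname):
    """SQL consumer: bind the value as a parameter so it is never parsed as SQL."""
    return db.execute("SELECT name FROM users WHERE name = ?", (uname,)).fetchall()

def demo_db():
    """In-memory table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return db

if __name__ == "__main__":
    print(render_welcome(SAMPLE), end="")
    print("left for the shell:", shell_meta_after_html_encoding(SAMPLE))
    print(listing_argv("bob"))  # pass to subprocess.run(argv) without shell=True
    print(find_user(demo_db(), SAMPLE), find_user(demo_db(), "bob"))
```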
Improper Output Handling
SQL injection vulnerability in the login feature in Poll Pro 2.0 allows remote
attackers to execute arbitrary SQL commands via the password and
username parameters.
CVE-2008-3773
Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3,
when "Show New Private Message Notification Pop-Up" is enabled, allows
remote authenticated users to inject arbitrary web script or HTML via a
private message subject, allowing an attacker to carry out an action
impersonating a legitimate user, or to obtain access to a user's account.
Bibliography
1. http://shiflett.org/blog/2005/dec/googles-xss-vulnerability
2. http://projects.webappsec.org/w/page/13246934/Improper%20Output%20Handling
3. http://cwe.mitre.org/data/definitions/116.html
4. https://www.juniper.net/security/auto/vulnerabilities/vuln32707.html
5. http://minsky.gsi.dit.upm.es/semanticwiki/index.php/Category:Improper_Encoding_or_Escaping_of_Output