Tainted Object Propagation
Monday, December 8th, 2008Subscribe To Our Feed | Follow Us On Twitter | Get Updates on Email
Basically, Tainted Object Propagation is the term defined for using incorrect or invalid inputs to get more than required information from the system and in some cases, taking control of the system. Although this technique is much widely used to misuse web applications and database oriented applications, but this holds true for any API publisher who exposes his API’s to third party application writers.
Again, just like previous post, Let’s start with an example.
Consider that a web page or an application takes an input “userName” and the application executes the following query to find that particular user.
HttpServletRequest request = ...; String userName = request.getParameter("name"); Connection con = ... String query = "SELECT * FROM Users " + " WHERE name = ’" + userName + "’"; con.execute(query);
Now, this is the usual code written by programmers to get the particular from the database. Now, if an attacker gets the control of the userName field, he can set it to ‘OR 1=1; This query allows the user to circumvent user name check and returns all the users from the database. In this case, the input variable “userName” is considered as Tainted Object.
© Safer Code | Tainted Object Propagation
|
Liked this post? Get FREE Updates Subscribe to RSS feed 
|
