Failure to Sanitize Data into a Different Plane ('Injection')
Weakness ID: 74 (Weakness Class)
Status: Incomplete
+ Description

Description Summary

The software fails to adequately filter user-controlled input data for syntax that has control-plane implications.

Extended Description

Software makes certain assumptions about what constitutes data and what constitutes control. It is the lack of verification of these assumptions for user-controlled input that leads to injection problems. Injection problems encompass a wide variety of issues, all mitigated in very different ways and usually attempted in order to alter the control flow of the process. For this reason, the most effective way to discuss these weaknesses is to note the distinct features that classify them as injection weaknesses. The most important point is that all injection problems share one thing in common: they allow control-plane data to be injected through the user-controlled data plane. This means that the execution of the process may be altered by sending code in through legitimate data channels, using no other mechanism. While buffer overflows, and many other flaws, require some further issue to gain execution, injection problems need only for the data to be parsed. The most classic instantiations of this category of weakness are SQL injection and format string vulnerabilities.

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Applicable Platforms

Languages

All

+ Common Consequences
Scope | Effect

Confidentiality

Many injection attacks involve the disclosure of important information, in terms of both data sensitivity and usefulness in further exploitation.

Authentication

In some cases injectable code controls authentication; this may lead to a remote vulnerability.

Access Control

Injection attacks are characterized by the ability to significantly change the flow of a given process, and in some cases lead to the execution of arbitrary code.

Integrity

Data injection attacks lead to loss of data integrity in nearly all cases, as the control-plane data injected is always incidental to data recall or writing.

Accountability

Often the actions performed by injected control code are unlogged.

+ Likelihood of Exploit

Very High

+ Potential Mitigations

Phase: Requirements Specification

Programming languages and supporting technologies might be chosen which are not subject to these issues.

Phase: Implementation

Utilize an appropriate mix of white-list and black-list parsing to filter control-plane syntax from all input.
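An added example (not part of the CWE entry) of the control-plane versus data-plane distinction from the Extended Description and of the white-list filtering this mitigation describes, in Python with sqlite3: the same input is parsed as SQL syntax when spliced into the query text, but stays in the data plane when bound as a parameter, and a white-list check is layered on top. The users table, its rows and the `lookup_*` helpers are constructed for this example.

```python
import sqlite3

# Constructed in-memory table with sample rows (not data from the CWE entry).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

def lookup_concat(conn: sqlite3.Connection, name: str) -> list:
    # Weak form (CWE-74): the user-supplied string is spliced into the SQL
    # text, so any SQL syntax it carries is parsed as control-plane data.
    query = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()

def lookup_param(conn: sqlite3.Connection, name: str) -> list:
    # Hardened form: the value is bound as a parameter by the driver and is
    # never parsed as SQL, whatever characters it contains.
    return conn.execute("SELECT name, role FROM users WHERE name = ?",
                        (name,)).fetchall()

def is_plain_name(name: str) -> bool:
    # White-list check of the kind the mitigation describes, as a second
    # layer: only short alphanumeric ASCII names reach the query at all.
    return name.isascii() and name.isalnum() and 1 <= len(name) <= 32

def lookup_validated(conn: sqlite3.Connection, name: str) -> list:
    if not is_plain_name(name):
        raise ValueError("name rejected by white-list check")
    return lookup_param(conn, name)

# Constructed input that carries SQL syntax (a quote and an OR clause).
CONTROL_PLANE_INPUT = "x' OR '1'='1"

def demo() -> dict:
    # Runs all three lookups against the same input so the difference in
    # how the input is interpreted can be compared directly.
    conn = make_db()
    return {
        "concat_benign": lookup_concat(conn, "alice"),
        "concat_injected": lookup_concat(conn, CONTROL_PLANE_INPUT),
        "param_injected": lookup_param(conn, CONTROL_PLANE_INPUT),
        "validated_rejects": not is_plain_name(CONTROL_PLANE_INPUT),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With string concatenation the injected input returns every row, because the quote closes the literal and the OR clause is parsed as part of the WHERE condition; the bound parameter returns no rows, since no user is literally named that string.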

+ Weakness Ordinalities
Ordinality | Description
Primary
(where the weakness exists independent of other weaknesses)
+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 20 | Improper Input Validation | Development Concepts (primary) 699
ChildOf | Weakness Class | 707 | Improper Enforcement of Message or Data Structure | Research Concepts (primary) 1000
ChildOf | Category | 727 | OWASP Top Ten 2004 Category A6 - Injection Flaws | Weaknesses in OWASP Top Ten (2004) (primary) 711
ParentOf | Weakness Class | 75 | Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Class | 77 | Improper Sanitization of Special Elements used in a Command ('Command Injection') | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base | 79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base | 91 | XML Injection (aka Blind XPath Injection) | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base | 93 | Failure to Sanitize CRLF Sequences ('CRLF Injection') | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Class | 94 | Failure to Control Generation of Code ('Code Injection') | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base | 99 | Improper Control of Resource Identifiers ('Resource Injection') | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base | 134 | Uncontrolled Format String | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Class | 138 | Improper Sanitization of Special Elements | Development Concepts (primary) 699
CanFollow | Weakness Class | 20 | Improper Input Validation | Research Concepts 1000
CanFollow | Weakness Class | 116 | Improper Encoding or Escaping of Output | Research Concepts 1000
+ Relationship Notes

In the development view (CWE-699), this is classified as an Input Validation problem (CWE-20) because many people do not distinguish between the consequence/attack (injection) and the protection mechanism that prevents the attack from succeeding. In the research view (CWE-1000), however, input validation is only one potential protection mechanism (output encoding is another), and there is a chaining relationship between improper input validation and the failure to enforce the structure of messages to other components. Other issues not directly related to input validation, such as race conditions, could similarly impact message structure.

+ Causal Nature

Explicit

+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
CLASP | | | Injection problem ('data' used as something else)
OWASP Top Ten 2004 | A6 | CWE More Specific | Injection Flaws
+ Related Attack Patterns
CAPEC-ID | Attack Pattern Name
(CAPEC Version: 1.4)
3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters
7 | Blind SQL Injection
8 | Buffer Overflow in an API Call
9 | Buffer Overflow in Local Command-Line Utilities
10 | Buffer Overflow via Environment Variables
13 | Subverting Environment Variable Values
14 | Client-side Injection-induced Buffer Overflow
24 | Filter Failure through Buffer Overflow
28 | Fuzzing
40 | Manipulating Writeable Terminal Devices
42 | MIME Conversion
43 | Exploiting Multiple Input Interpretation Layers
45 | Buffer Overflow via Symbolic Links
46 | Overflow Variables and Tags
47 | Buffer Overflow via Parameter Expansion
51 | Poison Web Service Registry
52 | Embedding NULL Bytes
53 | Postfix, Null Terminate, and Backslash
101 | Server Side Include (SSI) Injection
64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic
66 | SQL Injection
67 | String Format Overflow in syslog()
72 | URL Encoding
78 | Using Escaped Slashes in Alternate Encoding
79 | Using Slashes in Alternate Encoding
83 | XPath Injection
34 | HTTP Response Splitting
76 | Manipulating Input to File System Calls
71 | Using Unicode Encoding to Bypass Validation Logic
80 | Using UTF-8 Encoding to Bypass Validation Logic
84 | XQuery Injection
91 | XSS in IMG Tags
106 | Cross Site Scripting through Log Files
108 | Command Line Execution through SQL Injection
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
| | CLASP | Externally Mined
Modifications
Modification Date | Modifier | Organization | Source
2008-07-01 | Eric Dalci | Cigital | External
updated Time of Introduction
2008-08-15 | | Veracode | External
Suggested OWASP Top Ten 2004 mapping
2008-09-08 | CWE Content Team | MITRE | Internal
updated Common Consequences, Description, Relationships, Other Notes, Relationship Notes, Taxonomy Mappings, Weakness Ordinalities
2009-01-12 | CWE Content Team | MITRE | Internal
updated Relationships
2009-05-27 | CWE Content Team | MITRE | Internal
updated Name, Related Attack Patterns
2009-07-27 | CWE Content Team | MITRE | Internal
updated Relationships
2009-10-29 | CWE Content Team | MITRE | Internal
updated Description, Other Notes
Previous Entry Names
Change Date | Previous Entry Name
2008-04-11 | Injection
2009-05-27 | Failure to Sanitize Data into a Different Plane (aka 'Injection')