Improper Filtering of Special Elements
Weakness ID: 790 (Weakness Class)Status: Incomplete
+ Description

Description Summary

The software receives data from an upstream component, but does not filter or incorrectly filters special elements before sending it to a downstream component.
+ Demonstrative Examples

Example 1

The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file in the final resulting path.

(Bad Code)
Example Language: Perl 
my $Username = GetUntrustedInput();
$Username =~ s/\.\.\///;
my $filename = "/home/user/" . $Username;
ReadAndSendFile($filename);

Since the regular expression does not have the /g global match modifier, it only removes the first instance of "../" it comes across. So an input value such as:

(Attack)
 
../../../etc/passwd

will have the first "../" stripped, resulting in:

(Result)
 
../../etc/passwd

This value is then concatenated with the /home/user/ directory:

(Result)
 
/home/user/../../etc/passwd

which causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23).

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness ClassWeakness Class138Improper Sanitization of Special Elements
Research Concepts (primary)1000
ParentOfWeakness BaseWeakness Base791Incomplete Filtering of Special Elements
Research Concepts (primary)1000
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
2009-12-04MITREInternal CWE Team
Back to top