Kingdom: Input Validation and Representation

Input validation and representation problems are caused by metacharacters, alternate encodings, and numeric representations. Security problems result from trusting input. The issues include: "Buffer Overflows," "Cross-Site Scripting" attacks, "SQL Injection," and many others.

JSON Path Manipulation

Abstract
The application performs a JSON query with untrusted data that might enable attackers to query unexpected parts of the JSON document.
Explanation
"JSON Path" allows developers to query JSON documents much as XPath allows them to query XML documents. Allowing users to arbitrarily choose the key used to assemble the query may allow them to query different and unexpected parts of the document, which may give them access to private or sensitive data.

Example 1: The following code uses a user-defined keyword to access a JSON document that contains public user details, such as name and address. The same JSON document also contains private details, such as the user's password.


def searchUserDetails(key:String) = Action.async { implicit request =>
    val user_json = getUserDataFor(user)
    val value = (user_json \ key).get.as[String]
    ...
}


Since key is user-controllable, a malicious user can leverage this to access the user's password and any other private data that may be contained within the JSON document.
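One way to constrain the lookup from Example 1 is to check the key against an allowlist of public fields before it reaches the JSON query. The following is an added example, not code from the original page; it assumes the play-json library is on the classpath, and `SafeUserLookup`, `PublicFields`, `lookupPublicField` and the sample document are hypothetical names and constructed data.

```scala
import play.api.libs.json._

object SafeUserLookup {
  // Assumption: only these fields are meant to be readable through the search endpoint.
  private val PublicFields: Set[String] = Set("name", "address")

  // Constructed sample document standing in for the result of getUserDataFor(user).
  val sampleUser: JsValue = Json.parse(
    """{"name":"Alice Example","address":"1 Test Street","password":"constructed-secret"}"""
  )

  /** Returns the value for `key` only when the key is allowlisted.
    * Rejected keys and absent keys produce the same message, so the
    * response does not reveal which private fields exist in the document.
    */
  def lookupPublicField(userJson: JsValue, key: String): Either[String, String] =
    if (!PublicFields.contains(key)) Left("field not available")
    else (userJson \ key).asOpt[String].toRight("field not available")

  def main(args: Array[String]): Unit = {
    // Unconstrained lookup as in Example 1: the caller's key selects any field.
    val unconstrained = (sampleUser \ "password").asOpt[String]
    println(s"unconstrained lookup of 'password' returned a value: ${unconstrained.isDefined}")

    // Allowlisted lookup: public keys resolve, everything else is refused.
    Seq("name", "address", "password", "missing").foreach { key =>
      println(s"$key -> ${lookupPublicField(sampleUser, key)}")
    }
  }
}
```

Using `asOpt` instead of `.get.as[String]` also means a missing or non-string field yields a handled result rather than an exception.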
desc.dataflow.scala.json_path_manipulation