An API is a contract between a caller and a callee. The most common forms of API abuse are caused by the caller failing to honor its end of this contract. For example, if a program fails to call chdir() after calling chroot(), it violates the contract that specifies how to change the active root directory in a secure fashion. Another good example of library abuse is expecting the callee to return trustworthy DNS information to the caller. In this case, the caller abuses the callee API by making certain assumptions about its behavior (that the return value can be used for authentication purposes). One can also violate the caller-callee contract from the other side. For example, if a coder subclasses SecureRandom and returns a non-random value, the contract is violated.
DBMS_UTILITY.EXEC_DDL_STATEMENT
will only execute statements classified as part of the Data Definition Language. Other statements not supported by embedded SQL will be silently ignored. This behavior makes it difficult to detect errors when using the procedure.http://www.example.com/index.php?param=...
, the following snippet of php within index.php
will print the value of the URL parameter param
(passed in-place of the "...") to the screen if it matches the POSIX regular expression '^[[:alnum:]]*$'
representing "zero or more alphanumeric characters":
<?php
$pattern = '^[[:alnum:]]*$';
$string = $_GET['param'];
if (ereg($pattern, $string)) {
echo($string);
}
?>
Example 1
operates as expected with alphanumeric input, because the unsafe ereg()
function is used to validate tainted input, it is possible to carry out a cross-site scripting (XSS) attack via null
byte injection. By passing a value for param
containing a valid alphanumeric string followed by a null
byte and then a <script>
tag (e.g. "Hello123%00<script>alert("XSS")</script>"
), ereg($pattern, $string)
will still return true
, as the ereg()
function ignores everything following a null
byte character when reading the input string (left-to-right). In this example, this means that the injected <script>
tag following the null
byte will be displayed to the user and evaluated.xp_cmdshell
cannot be used safely. It should not be used.xp_cmdshell
launches a Windows command shell to execute the provided command string. The command executes either in the default system or a provided proxy context. However, there is no way to limit a user to prespecified set of privileged operations and any privilege grant opens up the user to execute any command string.