4 itens encontrados
Vulnerabilidades

PHP Misconfiguration: register_globals Enabled

Abstract
Configurar o PHP para registrar globalmente todas as variáveis de ambiente, GET, POST, cookie e servidor pode provocar um comportamento inesperado e deixar as portas abertas para invasores.
Explanation
Quando habilitada, a opção register_globals faz com que o PHP registre todas as variáveis EGPCS (Ambiente, GET, POST, Cookie e Servidor) em um nível global, em que elas podem ser acessadas em qualquer escopo de qualquer programa PHP. Essa opção incentiva os programadores a escrever programas mais ou menos inconscientes da origem dos valores dos quais eles dependem, o que pode provocar comportamentos inesperados em ambientes bem-intencionados e deixar as portas abertas para invasores em ambientes mal-intencionados. Reconhecendo as perigosas implicações de segurança de register_globals, essa opção foi desabilitada por padrão no PHP 4.2.0 e foi preterida e removida no PHP 6.

Exemplo 1: O código a seguir é vulnerável à criação de scripts entre sites. O programador supõe que o valor de $username origina-se da sessão controlada pelo servidor, mas, em vez disso, um invasor pode fornecer um valor mal-intencionado para $username como um parâmetro de solicitação. Com a opção register_globals habilitada, esse código incluirá um valor mal-intencionado enviado por um invasor no conteúdo HTML dinâmico que ele gera.


<?php
if (isset($username)) {
    echo "Hello <b>$username</b>";
} else {
    echo "Hello <b>Guest</b><br />";
    echo "Would you like to login?";

}
?>
References
[1] M. Achour et al. PHP Manual
[2] Artur Maj Securing PHP
[3] Standards Mapping - Common Weakness Enumeration CWE ID 473
[4] Standards Mapping - OWASP API 2023 API8 Security Misconfiguration
[5] Standards Mapping - OWASP Mobile 2014 M1 Weak Server Side Controls
[6] Standards Mapping - OWASP Top 10 2004 A10 Insecure Configuration Management
[7] Standards Mapping - OWASP Top 10 2010 A6 Security Misconfiguration
[8] Standards Mapping - OWASP Top 10 2013 A5 Security Misconfiguration
[9] Standards Mapping - OWASP Top 10 2017 A6 Security Misconfiguration
[10] Standards Mapping - OWASP Top 10 2021 A05 Security Misconfiguration
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.10
[12] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.10
[13] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.10
[14] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.10
[15] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.10
[16] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[17] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0.1 Requirement 6.2.4
[18] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection
[19] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection
[20] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection
[21] Standards Mapping - Web Application Security Consortium Version 2.00 Application Misconfiguration (WASC-15)
desc.php.php_misconfiguration_register_globals

Possible Variable Overwrite

Abstract
O programa invoca uma função que pode sobrescrever variáveis e abrir as portas para invasores.
Explanation
Funções que podem sobrescrever variáveis já inicializadas podem permitir que um invasor influencie a execução do código que depende das variáveis sobrescritas.
pode substituir variáveis.

Exemplo 1: Se um invasor fornecer um valor mal-intencionado para varName no seguinte segmento de código ColdFusion, a chamada para SetVariable() poderá substituir qualquer variável arbitrária, inclusive #first#. Nesse caso, se um valor mal-intencionado que contém JavaScript sobrescrever #first#, o programa ficará vulnerável à criação de scripts entre sites. 


<cfset first = "User">
<cfscript>
SetVariable(url.varName, url.varValue);
</cfscript>
<cfoutput>
#first#
</cfoutput>
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 473
[2] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001310
[3] Standards Mapping - General Data Protection Regulation (GDPR) Indirect Access to Sensitive Data
[4] Standards Mapping - NIST Special Publication 800-53 Revision 4 SI-10 Information Input Validation (P1)
[5] Standards Mapping - NIST Special Publication 800-53 Revision 5 SI-10 Information Input Validation
[6] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-CODE-4
[7] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[12] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0.1 Requirement 6.2.4
[13] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection
[14] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation
[15] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation, Control Objective C.3.2 - Web Software Attack Mitigation
[16] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002530 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002530 CAT II
[18] Standards Mapping - Security Technical Implementation Guide Version 6.2 APSC-DV-002530 CAT II
desc.dataflow.cfml.possible_variable_overwrite

Possible Variable Overwrite: Functional Scope

Abstract
O programa invoca uma função que pode substituir as variáveis no escopo atual e pode abrir a porta para invasores.
Explanation
As funções que podem substituir as variáveis já inicializadas no escopo atual podem permitir que um invasor influencie a execução de código que depende das variáveis substituídas.
Exemplo 1: Se um invasor fornecer um valor mal-intencionado para str no segmento a seguir de código PHP, a chamada para parse_str() poderá substituir todas as variáveis arbitrárias no escopo atual, incluindo first. Nesse caso, se um valor mal-intencionado que contém JavaScript sobrescrever first, o programa ficará vulnerável à criação de scripts entre sites.


<?php
    $first="User";
    ...
    $str =  $_SERVER['QUERY_STRING'];
    parse_str($str);
    echo $first;
?>
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 473
[2] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001310
[3] Standards Mapping - General Data Protection Regulation (GDPR) Indirect Access to Sensitive Data
[4] Standards Mapping - NIST Special Publication 800-53 Revision 4 SI-10 Information Input Validation (P1)
[5] Standards Mapping - NIST Special Publication 800-53 Revision 5 SI-10 Information Input Validation
[6] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6
[7] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0.1 Requirement 6.2.4
[12] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection
[13] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation
[14] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation, Control Objective C.3.2 - Web Software Attack Mitigation
[15] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002530 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002530 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 6.2 APSC-DV-002530 CAT II
desc.dataflow.php.possible_variable_overwrite_current_scope

Possible Variable Overwrite: Global Scope

Abstract
O programa invoca uma função que pode substituir as variáveis globais e pode abrir a porta para invasores.
Explanation
As funções que podem substituir as variáveis globais já inicializadas podem permitir que um invasor influencie a execução de código que depende das variáveis substituídas.
Exemplo 1: Se um invasor fornecer código mal-intencionado para str no segmento a seguir de código PHP, a chamada para mb_parse_str() poderá substituir todas as variáveis arbitrárias, incluindo first. Nesse caso, se um valor mal-intencionado que contém JavaScript sobrescrever first, o programa ficará vulnerável à criação de scripts entre sites.


<?php
    $first="User";
    ...
    $str =  $_SERVER['QUERY_STRING'];
    mb_parse_str($str);
    echo $first;
?>
References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 473
[2] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-001310
[3] Standards Mapping - General Data Protection Regulation (GDPR) Indirect Access to Sensitive Data
[4] Standards Mapping - NIST Special Publication 800-53 Revision 4 SI-10 Information Input Validation (P1)
[5] Standards Mapping - NIST Special Publication 800-53 Revision 5 SI-10 Information Input Validation
[6] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.6
[7] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.6
[8] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.6
[9] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.6
[10] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4
[11] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0.1 Requirement 6.2.4
[12] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection
[13] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation
[14] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection, Control Objective B.3.1 - Terminal Software Attack Mitigation, Control Objective B.3.1.1 - Terminal Software Attack Mitigation, Control Objective C.3.2 - Web Software Attack Mitigation
[15] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002530 CAT II
[16] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002530 CAT II
[17] Standards Mapping - Security Technical Implementation Guide Version 6.2 APSC-DV-002530 CAT II
desc.dataflow.php.possible_variable_overwrite_global