Ferona Octavia Twinnice Tampubolon

2181030

Ethical Hacking

Topic : Examining the Top 25 Most Dangerous Software Flaws

1. Out-of-bounds Write

Description

The product writes data past the end, or before the beginning, of the intended buffer.

Applicable Platforms

**Languages:**

- C (Often Prevalent)

- C++ (Often Prevalent)

Technologies/Platforms:

- ICS/OT (Often Prevalent)

Consequences

Integrity: Write operations could cause memory corruption. An adversary might modify control data
such as return addresses to execute unauthorized code.

Availability: Attempting to access out-of-range, invalid, or unauthorized memory could cause the
product to crash.

Other: Subsequent write operations can produce undefined or unexpected results.

Technical Impact:

- Modify Memory: Execution of unauthorized code or commands.

-DoS (Denial of Service): Crash, exit, or restart the application.

- Unexpected State:Production of undefined or unexpected results.

2. Improper Neutralization of Input During Web Page Generation

('Cross-site Scripting')
Description

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed
in output that is used as a web page that is served to other users.

Applicable Platforms

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Technologies

Class: Web Based (Often Prevalent)

Consequences

Technical Impact: Bypass Protection Mechanism; Read Application Data

The most common attack performed with cross-site scripting involves the
disclosure of information stored in user cookies. Typically, a malicious user
Access Control will craft a client-side script, which -- when parsed by a web browser --
Confidentiality performs some activity (such as sending all site cookies to a given E-mail
address). This script will be loaded and run by each user visiting the web
site. Since the site requesting to run the script has access to the cookies in
question, the malicious script does also.

Integrity Technical Impact: Execute Unauthorized Code or Commands

Confidentiality In some circumstances it may be possible to run arbitrary code on a victim's
Availability computer when cross-site scripting is combined with other flaws.

Technical Impact: Execute Unauthorized Code or Commands; Bypass

Protection Mechanism; Read Application Data

The consequence of an XSS attack is the same regardless of whether it is

stored or reflected. The difference is in how the payload arrives at the
server. XSS can cause a variety of problems for the end user that range in
Confidentiality severity from an annoyance to complete account compromise. Some cross-
Integrity site scripting vulnerabilities can be exploited to manipulate or steal cookies,
Availability create requests that can be mistaken for those of a valid user, compromise
Access Control confidential information, or execute malicious code on the end user
systems for a variety of nefarious purposes. Other damaging attacks include
the disclosure of end user files, installation of Trojan horse programs,
redirecting the user to some other page or site, running "Active X" controls
(under Microsoft Internet Explorer) from sites that a user perceives as
trustworthy, and modifying presentation of content.
 3. Improper Neutralization of Special Elements used in an SQL
Command ('SQL Injection')

Description

The product constructs all or part of an SQL command using externally-influenced input from an
upstream component, but it does not neutralize or incorrectly neutralizes special elements that
could modify the intended SQL command when it is sent to a downstream component. Without
sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can
cause those inputs to be interpreted as SQL instead of ordinary user data.

Applicable Platforms

Languages

Class: Not Language-Specific (Undetermined Prevalence)

Technologies

Database Server (Undetermined Prevalence)

Consequences

Scope Impact Likelihood

Technical Impact: Execute Unauthorized Code or Commands

Confidentiality
Integrity Adversaries could execute system commands, typically by changing
Availability the SQL statement to redirect output to a file that can then be
executed.

Technical Impact: Read Application Data

Confidentiality Since SQL databases generally hold sensitive data, loss of

confidentiality is a frequent problem with SQL injection
vulnerabilities.

Technical Impact: Gain Privileges or Assume Identity; Bypass

Protection Mechanism

Authentication If poor SQL commands are used to check user names and
passwords or perform other kinds of authentication, it may be
possible to connect to the product as another user with no
previous knowledge of the password.

Technical Impact: Bypass Protection Mechanism

Access Control If authorization information is held in a SQL database, it may be

possible to change this information through the successful
exploitation of a SQL injection vulnerability.

Integrity Technical Impact: Modify Application Data

 Just as it may be possible to read sensitive information, it is also
possible to modify or even delete this information with a SQL
injection attack.

4. Improper Input Validation

Description

The product receives input or data, but it does not validate or incorrectly validates that the input has
the properties that are required to process the data safely and correctly.

Applicable Platforms

Languages

Class: Not Language-Specific (Often Prevalent)

Consequences

Scope Impact Likelihood

Technical Impact: DoS: Crash, Exit, or Restart; DoS: Resource

Consumption (CPU); DoS: Resource Consumption (Memory)
Availability An attacker could provide unexpected values and cause a
program crash or excessive consumption of resources, such as
memory and CPU.

Technical Impact: Read Memory; Read Files or Directories

Confidentiality An attacker could read confidential data if they are able to
control resource references.

Technical Impact: Modify Memory; Execute Unauthorized Code or

Integrity Commands
Confidentiality An attacker could use malicious input to modify data or possibly
Availability alter control flow in unexpected ways, including arbitrary
command execution.

5. Out-of-bounds Read
Description

The product reads data past the end, or before the beginning, of the intended buffer.

Applicable Platforms

Languages

C (Undetermined Prevalence)

C++ (Undetermined Prevalence)

Technologies

Class: ICS/OT (Often Prevalent)

Consequences

Scope Impact Likelihood

Technical Impact: Read Memory

Confidentiality An attacker could get secret values such as cryptographic keys,

PII, memory addresses, or other information that could be used
in additional attacks.

Technical Impact: Bypass Protection Mechanism

Out-of-bounds memory could contain memory addresses or other

Confidentiality information that can be used to bypass ASLR and other
protection mechanisms in order to improve the reliability of
exploiting a separate weakness for code execution.

Technical Impact: DoS: Crash, Exit, or Restart

An attacker could cause a segmentation fault or crash by causing

Availability memory to be read outside of the bounds of the buffer. This is
especially likely when the code reads a variable amount of data
and assumes that a sentinel exists to stop the read operation,
such as a NUL in a string.

Technical Impact: Varies by Context

Other The read operation could produce other undefined or unexpected
results.

Here's a detailed template for each of the Common Weakness Enumeration (CWE) entries you
mentioned:

---
**6. CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command
Injection')**

- **Description:** This vulnerability occurs when an application allows untrusted input to be

included in an OS command without proper validation or escaping. Attackers can exploit this flaw
to execute arbitrary commands on the server.

- **Applicable:** Web applications, software applications with command-line interfaces, server-

side scripts.

- **Platform:** Linux, Windows, Unix-based systems, or any platform where OS commands are
used.

- **Consequences:** Unauthorized access or control over the operating system, data breaches,
system compromise, potential full server takeover.

**7. CWE-416: Use After Free**

- **Description:** This weakness happens when an application continues to use a pointer or

reference to a memory location after it has been freed. This can lead to unpredictable behavior,
crashes, or arbitrary code execution.

- **Applicable:** C, C++, and other languages that manage memory manually.

- **Platform:** Any platform that supports dynamic memory allocation.

- **Consequences:** Application crashes, data corruption, or remote code execution.

**8. CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')**

- **Description:** This vulnerability allows attackers to traverse the filesystem and access files or
directories outside the intended path by using special characters like "../".

- **Applicable:** Web applications, file handling utilities.

- **Platform:** Any system that accepts user inputs for file paths.

- **Consequences:** Unauthorized access to sensitive files, data exposure, or system

compromise.

**9. CWE-352: Cross-Site Request Forgery (CSRF)**

- **Description:** CSRF vulnerabilities occur when an attacker tricks a user into performing
actions on a web application where they are authenticated. The application performs unintended
actions on behalf of the user.

- **Applicable:** Web applications that perform state-changing operations based on user input.

- **Platform:** Web browsers, web servers.

- **Consequences:** Unauthorized actions performed on behalf of the user, potential data

manipulation, or account compromise.

**10. CWE-434: Unrestricted Upload of File with Dangerous Type**

- **Description:** This flaw arises when an application allows users to upload files without
properly validating the file type or content. This can lead to execution of malicious files on the
server.

- **Applicable:** Web applications, file upload services.

- **Platform:** Any system that supports file uploads.

- **Consequences:** Remote code execution, server compromise, or data breaches.

**11. CWE-476: NULL Pointer Dereference**

- **Description:** This vulnerability occurs when an application dereferences a pointer that has a
NULL value, leading to crashes or unexpected behavior.

- **Applicable:** C, C++, and other languages that support pointers.

- **Platform:** Any system using pointer-based memory management.

- **Consequences:** Application crashes, potential denial of service.

**12. CWE-502: Deserialization of Untrusted Data**

- **Description:** This weakness happens when an application deserializes data from untrusted
sources without proper validation, which can lead to remote code execution or other malicious
activities.

- **Applicable:** Applications that use object serialization.

- **Platform:** Java, .NET, and other environments with serialization mechanisms.

- **Consequences:** Remote code execution, data corruption, or application compromise.

**13. CWE-190: Integer Overflow or Wraparound**

- **Description:** This vulnerability occurs when an arithmetic operation results in an integer

exceeding its maximum value, leading to unintended behavior or vulnerabilities.

- **Applicable:** C, C++, and other languages with fixed-size integer types.

- **Platform:** Any platform with integer arithmetic operations.

- **Consequences:** Memory corruption, unexpected behavior, or security vulnerabilities.

**14. CWE-287: Improper Authentication**

- **Description:** This weakness occurs when an application fails to properly authenticate users
or verify credentials, leading to unauthorized access.

- **Applicable:** Web applications, APIs, or any authentication mechanisms.

- **Platform:** Any system with user authentication.

- **Consequences:** Unauthorized access, data breaches, or system compromise.

**15. CWE-798: Use of Hard-coded Credentials**

- **Description:** This flaw occurs when credentials are embedded in the source code, making
them easily accessible to attackers who gain access to the code.

- **Applicable:** Software applications, scripts.

- **Platform:** Any platform that executes the software with hard-coded credentials.

- **Consequences:** Unauthorized access, data breaches, or system compromise.

**16. CWE-862: Missing Authorization**

- **Description:** This vulnerability arises when an application fails to check whether a user has
the necessary permissions to perform an action, leading to unauthorized access.

- **Applicable:** Web applications, APIs, software with access controls.

- **Platform:** Any system with user authorization.

- **Consequences:** Unauthorized actions, data breaches, or privilege escalation.

**17. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command
Injection')**

- **Description:** Similar to OS Command Injection, this vulnerability involves allowing untrusted

input to be used in a command, which can be exploited to execute arbitrary commands.

- **Applicable:** Applications that pass user input to system commands.

- **Platform:** Any platform that executes commands based on user input.

- **Consequences:** Unauthorized command execution, system compromise, or data breaches.

**18. CWE-306: Missing Authentication for Critical Function**

- **Description:** This weakness occurs when critical functions or endpoints are accessible
without proper authentication, allowing unauthorized users to perform sensitive actions.

- **Applicable:** Web applications, APIs, and critical system functions.

- **Platform:** Any system with critical functions.

- **Consequences:** Unauthorized access, data manipulation, or system compromise.

**19. CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer**

- **Description:** This vulnerability occurs when an application allows operations outside the
bounds of a memory buffer, potentially leading to buffer overflow or underflow conditions.

- **Applicable:** C, C++, and other languages with manual memory management.

- **Platform:** Any platform using manual memory management.

- **Consequences:** Memory corruption, application crashes, or remote code execution.

**20. CWE-276: Incorrect Default Permissions**

- **Description:** This flaw happens when default permissions are too permissive, allowing
unintended access to files, directories, or resources.

- **Applicable:** File systems, software applications with configurable permissions.

- **Platform:** Any system with configurable permissions.

- **Consequences:** Unauthorized access, data breaches, or system compromise.

**21. CWE-918: Server-Side Request Forgery (SSRF)**

- **Description:** SSRF occurs when an attacker can trick a server into making requests to internal
or external resources, potentially accessing internal services or systems.

- **Applicable:** Web applications, APIs with server-side request capabilities.

- **Platform:** Any platform with server-side request functionalities.

- **Consequences:** Internal network access, data exposure, or server compromise.

**22. CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization
('Race Condition')**

- **Description:** This vulnerability arises when multiple threads or processes access shared
resources without proper synchronization, leading to inconsistent or unintended behavior.

- **Applicable:** Multi-threaded or multi-process applications.

- **Platform:** Any system with concurrent execution.

- **Consequences:** Data corruption, application crashes, or unexpected behavior.

**23. CWE-400: Uncontrolled Resource Consumption**

- **Description:** This weakness happens when an application does not properly limit the use of
resources like CPU, memory, or bandwidth, potentially leading to denial of service.

- **Applicable:** Web applications, network services.

- **Platform:** Any system with resource constraints.

- **Consequences:** Service downtime, performance degradation, or denial of service.

**24. CWE-611: Improper Restriction of XML External Entity Reference**

- **Description:** This vulnerability occurs when XML input is processed without properly
restricting XML external entity references, leading to information disclosure or other attacks.

- **Applicable:** Applications that parse XML.

- **Platform:** Any system with XML parsing capabilities.

- **Consequences:** Data exposure, server compromise, or denial of service.

**25. CWE-94: Improper Control of Generation of Code ('Code Injection')**

- **Description:** Code injection vulnerabilities arise when untrusted data is used to dynamically
generate code, leading to execution of arbitrary code.

- **Applicable:** Applications that generate or execute code dynamically.

- **Platform:** Any system that allows dynamic code generation.

- **Consequences:** Remote code execution, application compromise, or data breaches.

---

Feel free to adapt or expand upon this template based on specific requirements or additional
details for each CWE.