Code Injection (Timing Attack)

critical Web App Scanning Plugin ID 98122

Synopsis

Code Injection (Timing Attack)

Description

A modern web application will be reliant on several different programming languages.

These languages can be broken up in two flavours. These are client-side languages (such as those that run in the browser -- like JavaScript) and server-side languages (which are executed by the server -- like ASP, PHP, JSP, etc.) to form the dynamic pages (client-side code) that are then sent to the client.

Because all server-side code should be executed by the server, it should only ever come from a trusted source.

Code injection occurs when the server takes untrusted code (ie. from the client) and executes it.

Cyber-criminals will abuse this weakness to execute arbitrary code on the server, which could result in complete server compromise.

By injecting server-side code that is known to take a specific amount of time to execute, scanner was able to detect time-based code injection. This indicates that proper input sanitisation is not occurring.

Solution

It is recommended that untrusted input is never processed as server-side code.
To validate input, the application should ensure that the supplied value contains only the data that are required to perform the relevant action.
For example, where a username is required, then no non-alpha characters should not be accepted.

See Also

http://docs.python.org/py3k/library/functions.html#eval

http://en.wikipedia.org/wiki/Eval#Ruby

http://perldoc.perl.org/functions/eval.html

http://php.net/manual/en/function.eval.php

http://www.aspdev.org/asp/asp-eval-execute/

Plugin Details

Severity: Critical

ID: 98122

Type: remote

Published: 3/31/2017

Updated: 1/23/2023

Scan Template: api, pci, scan

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Reference Information