HOME

TheInfoList



Click Here for Items Related To - Unchecked User Input
OR:
Unchecked User Input on:   [Wikipedia]   [Google]   [Amazon]

Improper input validation or unchecked user input is a type of
vulnerability Vulnerability refers to "the quality or state of being exposed to the possibility of being attacked or harmed, either physically or emotionally." The understanding of social and environmental vulnerability, as a methodological approach, involves ...
in
computer software Software consists of computer programs that instruct the Execution (computing), execution of a computer. Software also includes design documents and specifications. The history of software is closely tied to the development of digital comput ...
that may be used for
security exploit An exploit is a method or piece of code that takes advantage of Vulnerability (computer security), vulnerabilities in software, Application software, applications, Computer network, networks, operating systems, or Computer hardware, hardware, typic ...
s. This vulnerability is caused when " e product does not validate or incorrectly validates input that can affect the control flow or data flow of a program." Examples include: * Buffer overflow *
Cross-site scripting Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be ...
*
Directory traversal A directory traversal (or path traversal) attack exploits insufficient security validation or sanitization of user-supplied file names, such that characters representing "traverse to parent directory" are passed through to the operating system's f ...
*
Null byte injection The null character is a control character with the value zero. Many character sets include a code point for a null character including Unicode (Universal Coded Character Set), ASCII (ISO/IEC 646), Baudot, ITA2 codes, the C0 control code, and EB ...
*
SQL injection In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injec ...
*
Uncontrolled format string Uncontrolled format string is a type of code injection software vulnerability, vulnerability discovered around 1989 that can be used in security exploits. Originally thought harmless, format string exploits can be used to Crash (computing), crash ...


References

{{security-software-stub Computer security exploits