Parameter Delimiter
Revision as of 16:43, 29 May 2009
This is an Attack. To view all attacks, please see the Attack Category page.
Last revision (mm/dd/yy): 05/29/2009
Description
This attack manipulates the parameter delimiters that a web application uses in its input vectors in order to cause unexpected behaviour, such as access control or authorization bypass and information disclosure, among others.
Risk Factors
TBD
Examples
In order to illustrate this vulnerability, we will use a vulnerability found in Poster V2, a posting system written in PHP.
This application has a dangerous vulnerability that allows inserting data into the user fields (username, password, email address and privileges) of the "mem.php" file, which is responsible for managing the application's users.
An example of the "mem.php" file, where the user Jose has admin privileges and Alice has normal user access:
<?
Jose|12345678|[email protected]|admin|
Alice|87654321|[email protected]|normal|
?>
When a user wants to edit his profile, he must use the "edit account" option on the "index.php" page and enter his login information. However, by using "|" as a parameter delimiter in the email field, followed by "admin", the user could elevate his privileges to administrator. Example:
Username: Alice
Password: 87654321
Email: [email protected] |admin|
This information will be recorded in the "mem.php" file like this:
Alice|87654321|[email protected]|admin|normal|
In this case, the last parameter delimiter considered is "|admin|", and the user could elevate his privileges by assigning himself the administrator profile.
Although this vulnerability doesn't allow manipulation of other users' profiles, it allows privilege escalation for application users.
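The following is an added example, not code from Poster V2 (which is PHP) or from this page: a Python model of the pipe-delimited "mem.php" user store described above. It reproduces the unchecked record write and positional read that let an injected "|admin" become the privilege field, beside a hardened write/read pair, an edit-account handler that never takes the privilege level from the form, and a check that flags records with the wrong field count. Field order follows the page's records; the e-mail addresses are constructed.

```python
# Constructed model of the pipe-delimited user store from the page (added
# example, not Poster V2 code). Field order matches the page's mem.php lines.
FIELDS = ("username", "password", "email", "privileges")
DELIM = "|"
RESERVED = (DELIM, "\n", "\r")

def vulnerable_record(username, password, email, privileges):
    """Builds a record by concatenation; nothing stops a field value from
    carrying its own '|' and so adding extra fields to the stored line."""
    return DELIM.join((username, password, email, privileges)) + DELIM

def vulnerable_parse(line):
    """Reads the record positionally: whatever sits in the 4th slot is
    taken as the privilege level, which is why an injected 'admin' wins."""
    parts = line.rstrip("\r\n").split(DELIM)
    return dict(zip(FIELDS, parts))

def safe_record(username, password, email, privileges):
    """Refuses any field value containing the delimiter or a line break."""
    values = (username, password, email, privileges)
    for name, value in zip(FIELDS, values):
        if any(ch in value for ch in RESERVED):
            raise ValueError(f"field {name!r} contains a reserved character")
    return DELIM.join(values) + DELIM

def safe_parse(line):
    """Accepts only a record with exactly the expected field count
    (four fields plus the empty tail after the trailing delimiter)."""
    parts = line.rstrip("\r\n").split(DELIM)
    if len(parts) != len(FIELDS) + 1 or parts[-1] != "":
        raise ValueError(f"malformed record: {line!r}")
    return dict(zip(FIELDS, parts))

def update_profile(stored_line, new_password, new_email):
    """Edit-account handler: the privilege level is copied from the stored
    record, never from the form, and the new values are delimiter-checked."""
    current = safe_parse(stored_line)
    return safe_record(current["username"], new_password, new_email,
                       current["privileges"])

def find_tampered(lines):
    """Defender check: 1-based numbers of records with the wrong field count."""
    bad = []
    for number, line in enumerate(lines, start=1):
        try:
            safe_parse(line)
        except ValueError:
            bad.append(number)
    return bad
```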