This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Cornucopia - Ecommerce Website - AZ Q"
From OWASP
(Created page with "{{DISPLAYTITLE:<span style="padding:2px 5px 0px 5px;color:white;background:#d9c049;">Cornucopia - Ecommerce Website - AZ Q</span>}} File:Cornucopia_-_Ecommerce_Website_AZ_Q....") |
|||
| Line 52: | Line 52: | ||
</tr> | </tr> | ||
</table> | </table> | ||
| − | |||
| − | |||
Latest revision as of 16:26, 21 January 2016
Suit: Authorization
Card/Value: Q
Description:
Christopher can inject a command that the application will run at a higher privilege level.
Technical Note:
Firstly apply appropriate input validation and encoding. In cases where the application must run with elevated privileges, raise privileges as late as possible, and drop them as soon as possible.
References:
| OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
|---|---|---|---|---|
| 209 | 5.12 | - | 17 | 8 |
| 15.7 | 30 | 10 | ||
| 69 | 11 | |||
| 234 |
