This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Cornucopia - Ecommerce Website - AZ Q
From OWASP
Suit: Authorization
Card/Value: Q
Description:
Christopher can inject a command that the application will run at a higher privilege level.
Technical Note:
Firstly apply appropriate input validation and encoding. In cases where the application must run with elevated privileges, raise privileges as late as possible, and drop them as soon as possible.
References:
| OWASP SCP | OWASP ASVS | OWASP AppSensor | CAPEC | SAFECODE |
|---|---|---|---|---|
| 209 | 5.12 | - | 17 | 8 |
| 15.7 | 30 | 10 | ||
| 69 | 11 | |||
| 234 |
