Whodunit? Finding Security Vulnerabilities in Application Code

by Brian Princecode provided by Veracode and Qualys

This occurs when the software allows user input to control or influence paths that are used in filesystem operations. This vulnerability could permit an attacker to access or change system files and other files critical to the application.

The code is vulnerable to file/path manipulation because of insufficient input validation (cwe 20) on the fn parameter, which leads to arbitrary file retrieval.

SQL injection is one of the most popular vectors of attack. When executed, the SQL statement fetches a different set of results from the database than the application would have originally requested. The attacker gains unauthorized access to or manipulates the data residing in the database on the server.

The code is vulnerable to SQL injection because it creates an ad-hoc query using the employeeID parameter, which is untrusted.

Cross-site scripting (XSS) remains one of the most common vulnerabilities affecting Web applications. If successful, an exploit could allow hackers to bypass access controls such as same origin policy.

In this case, moving the <title> to after the <meta> tag prevents XSS attacks that trick the browser into using UTF-7 to decode the payload when the page should be actually rendered as UTF-8.