CWE-472: External Control of Assumed-Immutable Web Parameter
CWE Version: 4.18
Last updated: 2025-09-09
Weakness Description
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable, such as hidden form fields.
Common Consequences
Scope: Integrity
Technical Impact: Modify Application Data
Note: Without appropriate protection mechanisms, the client can easily tamper with cookies and similar web data. Reliance on the cookies without detailed validation can lead to problems such as SQL injection. If you use cookie values for security related decisions on the server side, manipulating the cookies might lead to violations of security policies such as authentication bypassing, user impersonation and privilege escalation. In addition, storing sensitive data in the cookie without appropriate protection can also lead to disclosure of sensitive user data, especially data stored in persistent cookies.
Potential Mitigations
Phase: Implementation
Strategy: Input Validation
Phase: Implementation
Strategy: Input Validation
Description: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
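As an added illustration that is not part of the CWE entry, the following constructed Python checkout handler shows the weakness beside the mitigation: the vulnerable version trusts a hidden `price` field echoed back by the browser, while the hardened version accepts only allowlisted order fields, decodes them exactly once before validating (CWE-180/CWE-174), and recomputes the price from server-side data. The catalog, the SKU format and the form contents are assumptions made for the example.

```python
import re
from decimal import Decimal
from urllib.parse import unquote

# Constructed server-side catalog: the only source of prices the server may trust.
CATALOG = {"sku-100": Decimal("19.99"), "sku-200": Decimal("249.00")}
# Assumed SKU format; anything outside this allowlist is rejected.
SKU_ALLOWLIST = re.compile(r"^sku-[0-9]{1,6}$")


def checkout_vulnerable(form):
    """CWE-472: the price is read from a hidden field, so the client decides it."""
    return Decimal(form["price"]) * int(form["qty"])


def canonicalize(value):
    """Decode exactly once (CWE-180) before validating; never decode again afterwards (CWE-174)."""
    return unquote(value).strip().lower()


def validate_order(form):
    """Allowlist-validate only the fields the client is allowed to choose.
    Returns (sku, qty) on success, None if anything is out of policy."""
    sku = canonicalize(form.get("sku", ""))
    qty = form.get("qty", "")
    if not SKU_ALLOWLIST.match(sku) or sku not in CATALOG:
        return None
    if not qty.isdigit() or not 1 <= int(qty) <= 100:
        return None
    return sku, int(qty)


def checkout_hardened(form):
    """Ignores any client-supplied price and recomputes the total from the catalog."""
    order = validate_order(form)
    if order is None:
        raise ValueError("rejected order: tampered or malformed fields")
    sku, qty = order
    return CATALOG[sku] * qty


# Constructed request: the page was served with price=249.00, but the client posts back 0.01.
TAMPERED_FORM = {"sku": "sku-200", "qty": "1", "price": "0.01"}

if __name__ == "__main__":
    print("vulnerable total:", checkout_vulnerable(TAMPERED_FORM))  # 0.01
    print("hardened total:  ", checkout_hardened(TAMPERED_FORM))    # 249.00
```

A doubly-encoded SKU such as `sku%252D200` decodes once to `sku%2D200` and fails the allowlist; decoding it a second time after validation would turn it back into an accepted value, which is the CWE-174 mistake the mitigation warns about.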
Detection Methods
Method: Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.).
Effectiveness: High
Observed Examples
| Reference | Description |
|---|---|
| CVE-2002-0108 | Forum product allows spoofed messages of other users via hidden form fields for name and e-mail address. |
| CVE-2000-0253 | Shopping cart allows price modification via hidden form field. |
| CVE-2000-0254 | Shopping cart allows price modification via hidden form field. |
| CVE-2000-0926 | Shopping cart allows price modification via hidden form field. |
| CVE-2000-0101 | Shopping cart allows price modification via hidden form field. |
| CVE-2000-0102 | Shopping cart allows price modification via hidden form field. |
| CVE-2000-0758 | Allows admin access by modifying value of form field. |
| CVE-2002-1880 | Read messages by modifying message ID parameter. |
| CVE-2000-1234 | Send email to arbitrary users by modifying email parameter. |
| CVE-2005-1652 | Authentication bypass by setting a parameter. |
| CVE-2005-1784 | Product does not check authorization for configuration change admin script, leading to password theft via modified e-mail address field. |
| CVE-2005-2314 | Logic error leads to password disclosure. |
| CVE-2005-1682 | Modification of message number parameter allows attackers to read other people's messages. |
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | OMISSION: This weakness is caused by missing a security tactic during the architecture and design phase. |
Applicable Platforms
Languages
Taxonomy Mappings
| Taxonomy Name | Node ID | Node Name | Mapping Fit |
|---|---|---|---|
| PLOVER | - | Web Parameter Tampering | - |
| OWASP Top Ten 2007 | A4 | Insecure Direct Object Reference | CWE More Specific |
| OWASP Top Ten 2004 | A1 | Unvalidated Input | CWE More Specific |
Key Information
CWE ID: CWE-472
Abstraction: Base
Structure: Simple
Status: Draft