Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CWE-20
|
Improper Input Validation
|
CWE-21
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
CWE-73
|
External Control of File Name or Path
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-177
|
Improper Handling of URL Encoding (Hex Encoding)
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
Web Services Protocol Manipulation |
|
XQuery Injection |
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-707
|
Improper Neutralization
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Using Escaped Slashes in Alternate Encoding |
CWE-20
|
Improper Input Validation
|
CWE-21
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
CWE-73
|
External Control of File Name or Path
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
SOAP Manipulation |
|
Generic Cross-Browser Cross-Domain Theft |
CWE-149
|
Improper Neutralization of Quoting Syntax
|
CWE-177
|
Improper Handling of URL Encoding (Hex Encoding)
|
CWE-707
|
Improper Neutralization
|
CWE-838
|
Inappropriate Encoding for Output Context
|
|
Blind SQL Injection |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-89
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
|
CWE-209
|
Generation of Error Message Containing Sensitive Information
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Data Interchange Protocol Manipulation |
|
HTTP Request Smuggling |
CWE-444
|
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
|
CWE-707
|
Improper Neutralization
|
|
Exploiting Multiple Input Interpretation Layers |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-77
|
Improper Neutralization of Special Elements used in a Command ('Command Injection')
|
CWE-78
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
|
CWE-171
|
|
CWE-179
|
Incorrect Behavior Order: Early Validation
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
CWE-183
|
Permissive List of Allowed Inputs
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
HTTP Response Splitting |
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-113
|
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Postfix, Null Terminate, and Backslash |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-158
|
Improper Neutralization of Null Byte or NUL Character
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
XML Injection |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-91
|
XML Injection (aka Blind XPath Injection)
|
CWE-707
|
Improper Neutralization
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|
Inter-component Protocol Manipulation |
|
Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CWE-20
|
Improper Input Validation
|
CWE-41
|
Improper Resolution of Path Equivalence
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-179
|
Incorrect Behavior Order: Early Validation
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
CWE-183
|
Permissive List of Allowed Inputs
|
CWE-184
|
Incomplete List of Disallowed Inputs
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
Embedding NULL Bytes |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-158
|
Improper Neutralization of Null Byte or NUL Character
|
CWE-171
|
|
CWE-172
|
Encoding Error
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
Using Slashes in Alternate Encoding |
CWE-20
|
Improper Input Validation
|
CWE-21
|
|
CWE-22
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
|
CWE-73
|
External Control of File Name or Path
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-171
|
|
CWE-173
|
Improper Handling of Alternate Encoding
|
CWE-180
|
Incorrect Behavior Order: Validate Before Canonicalize
|
CWE-181
|
Incorrect Behavior Order: Validate Before Filter
|
CWE-185
|
Incorrect Regular Expression
|
CWE-200
|
Exposure of Sensitive Information to an Unauthorized Actor
|
CWE-697
|
Incorrect Comparison
|
CWE-707
|
Improper Neutralization
|
|
XPath Injection |
CWE-20
|
Improper Input Validation
|
CWE-74
|
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
|
CWE-91
|
XML Injection (aka Blind XPath Injection)
|
CWE-707
|
Improper Neutralization
|
CWE-713
|
OWASP Top Ten 2007 Category A2 - Injection Flaws
|
|