Tag: security

The following code is part of a system daemon that is run with elevated privileges. It opens a temp file in /tmp directory as a cache. Is there an issue in this code sample? Please assume that filling up /tmp is not an issue here. int outfile = fopen(“/tmp/cache_data”, O_WRONLY | O_CREAT | O_TRUNC, 0600);

Is writing to an already freed memory a vulnerability? x = malloc(200); /* do something with x / free (x); / do something else */ strcpy(x, “somedata”);

What attacks can get realized due to below code? ... Connection con = null; Statement stmt = null; try{ String personName = req.getParameter("PName"); String personAddress = req.getParameter("PAddress"); String personEmail = req.getParameter("PEmail"); String personPhone = req.getParameter("PPhone"); con= UtilDAO.make_con(); stmt = con.createStatement(); String sql = "INSERT INTO PersonDetails values ('"+personName+"', '"+personAddress+"', '"+personEmail+"', '"+personPhone+"')"; stmt.executeUpdate(sql); con.commit(); stmt.close(); UtilDAO.close(con); } catch(Exception e) { log.debug(“Exception is:”+e); } ...

Identify the line on which the vulnerability exists: 1 public class performSearchAction extends HttpServlet{ 2 // Servlet for Search Action 3 public void doPost(HttpServletRequest req, HttpServletResponse res) 4 { 5 try 6 { 7 ArrayList arrSearch = Util.performSearchAction(req, res); 8 req.setAttribute(“SearchResults”,arrSearch); 9 RequestDispatcher rd = getServletContext().getRequestDispatcher("/SearchResult.jsp"); 10 rd.forward(req,res); 11 } catch (Exception e) { 12 log.debug(“Exception occurred:”+e); 13 } 14 } //End of doPost method 15 public void doGet(HttpServletRequest req, HttpServletResponse res) 16 { 17 doPost(req,res); 18 } //End of doGet method 19 } //End of Class

Give the name of the vulnerability resides in the below code: 1 5 6 Your Search for '' has not returned any records 7 8

What is wrong in the below code? public void doPost(HttpServletRequest req, HttpServletResponse res) { try { String language = req.getParameter("language"); res.sendRedirect("/doc/"+language+”/index.html”); } catch (Exception e) { } }

In the following code, which is the location of vulnerability? 1 String username = req.getParameter("loginID"); 2 String password = req.getParameter("loginPassword"); 3 String sql = "SELECT UserID from Employee WHERE Emp_ID = ? AND Password=?"; 4 pstmt = con.prepareStatement(sql); 5 pstmt.setString(1,username); 6 pstmt.setString(2,password); 7 pstmt.execute(); 8 user = pstmt.getResultSet(); 9 if(user!=null) 10 { 11 while (user.next()) 12 { 13 userInfo.add(user.getString(1)); 14 } 15 } 16 else 17 { 18 log.debug(“Invalid Login: Login ID-”+ username+” Password-”+ password); 19 }

In the following code, which is the location of vulnerability? 1 bIsAdmin = true; 2 try 3 { 4 function (); 5 bIsAdmin = isAdminUser(userName); 6 } 7 catch (Exception ex) 8 { 9 log.write(ex.toString()); 10 }

Is SQL injection possible in the below code? String username = request.getParameter(“username”); String password = request.getParameter(“password”); conn = pool.getConnection( ); PreparedStatement pstmt = conn.prepareStatement(“select * from user where username=”+username+” and password=”+password); pstmt.execute(); rs = pstmt.getResultSet();

Give the name of the vulnerability resides in the below code: ... Runtime rt = Runtime.getRuntime(); Process proc = rt.exec("cmd.exe /c type "+request.getParameter("path")); //path is an Input Parameter and contains the file name. InputStream stdin = proc.getInputStream(); InputStreamReader isr = new InputStreamReader(stdin); BufferedReader br = new BufferedReader(isr); ...