CWE-94

Weakness ID: 94 (Weakness Class)

Status: Draft

Code Injection

Description

The software constructs all or part of a code segment using externally influenced input, but it does not properly neutralize special elements that could modify the syntax or behaviour of the intended code segment.

Extended Description

When software allows a user's input to contain code syntax, an attacker may be able to craft that input so that it alters the intended control flow of the software. Such an alteration can lead to the execution of arbitrary code.

Injection problems encompass a wide variety of weaknesses, and their mitigations differ greatly from one another. What every injection problem has in common is that it allows control code to be inserted through user input. Whereas buffer overflows and many other weaknesses require a further software flaw in order to gain execution, injection weaknesses do not depend on such a flaw: they can be exploited through the normal handling of data alone. The most classic examples in this category of weakness are SQL injection and format string problems.

Time of Introduction

Architecture and Design

Applicable Platforms

Languages: Interpreted

Common Consequences

Confidentiality

The injected code could access restricted data and files.

Authentication

In some cases the injected code can control authentication, which may lead to a remote vulnerability.

Access Control

Injected code can access resources that the attacker is directly prevented from accessing.

Integrity

Because the injected control data is always incidental to data being read or written, code injection attacks lead to a loss of data integrity in nearly all cases. In addition, code injection can result in the execution of arbitrary code.

Accountability

The actions performed by injected code are often not logged.

Likelihood of Exploit

Demonstrative Examples

Example 1:

The following example writes user messages to a message file and lets users view those messages.

Example Language: PHP (Bad Code)
$MessageFile = "cwe-94/messages.out";
if ($_GET["action"] == "NewMessage") {
    $name = $_GET["name"];
    $message = $_GET["message"];
    $handle = fopen($MessageFile, "a+");
    // user-controlled text is appended verbatim to the message file
    fwrite($handle, "<b>$name</b> says '$message'<hr>\n");
    fclose($handle);
    echo "Message Saved!<p>\n";
}
else if ($_GET["action"] == "ViewMessages") {
    // the data file is handed to the PHP interpreter, not merely displayed
    include($MessageFile);
}

The programmer intends MessageFile to contain only data, but an attacker can submit a message such as the following:

(Attack)
name=h4x0r
message=%3C?php%20system(%22/bin/ls%20-l%22);?%3E

This message decodes to:

(Attack)
<?php system("/bin/ls -l");?>

At first glance this looks like it is merely included as the contents of an ordinary data file, but PHP parses the file containing the data and executes the code. The code runs every time an ordinary user views the messages.

Note that an XSS (CWE-79) attack is also possible in this situation.
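The core defect above is that the message file is both a data store and a PHP source file, so whatever a user writes is later interpreted. The following is an added example, not code from the CWE entry or its translation: it keeps the same two actions but stores messages as JSON, renders them through htmlspecialchars(), and never passes the file to include(). The file path cwe-94/messages.json and the length limits are assumptions chosen for this example.

```php
<?php
// Added example (not from the CWE entry): a hardened rewrite of the
// message board. Messages are stored as JSON data and rendered with
// htmlspecialchars(); the data file is never executed via include().
// MESSAGE_FILE is an assumed path for this example.

const MESSAGE_FILE = __DIR__ . '/cwe-94/messages.json';

function loadMessages(string $file): array {
    if (!is_file($file)) {
        return [];
    }
    $decoded = json_decode((string) file_get_contents($file), true);
    return is_array($decoded) ? $decoded : [];
}

function saveMessage(string $file, string $name, string $message): void {
    $messages = loadMessages($file);
    $messages[] = ['name' => $name, 'message' => $message];
    // JSON keeps the input as an opaque string: "<?php ... ?>" stays text,
    // it can never reach the interpreter as code.
    file_put_contents($file, json_encode($messages), LOCK_EX);
}

function renderMessages(array $messages): string {
    $html = '';
    foreach ($messages as $m) {
        // Escaping on output also closes the XSS (CWE-79) hole the entry mentions.
        $name = htmlspecialchars((string) $m['name'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $text = htmlspecialchars((string) $m['message'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
        $html .= "<b>$name</b> says '$text'<hr>\n";
    }
    return $html;
}

// Accept-known-good: only the two actions we recognise are dispatched.
$action = $_GET['action'] ?? '';
if ($action === 'NewMessage') {
    $name = (string) ($_GET['name'] ?? '');
    $message = (string) ($_GET['message'] ?? '');
    // Assumed limits: reject empty names and oversized input outright.
    if ($name === '' || strlen($name) > 64 || strlen($message) > 2000) {
        http_response_code(400);
        exit("Invalid input\n");
    }
    saveMessage(MESSAGE_FILE, $name, $message);
    echo "Message Saved!<p>\n";
} elseif ($action === 'ViewMessages') {
    echo renderMessages(loadMessages(MESSAGE_FILE));
} else {
    http_response_code(400);
    echo "Unknown action\n";
}
```

With this layout the attack string from the entry is stored and displayed as literal text; the `<?php` tag is just characters in a JSON string and is HTML-escaped on the way out, so neither the interpreter nor the browser treats it as code.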


Potential Mitigations

Phase: Architecture and Design

Refactor the program so that it does not have to generate code dynamically.

Phase: Architecture and Design

Run the code inside a "jail" or a similar sandbox environment that enforces a strict boundary between the process and the operating system. This can effectively restrict which code the software is able to execute.

Examples include the Unix chroot jail and AppArmor. In general, managed code may provide some protection.
This may not be a feasible solution, and it only limits the damage to the operating system; the rest of the application may still be subject to compromise.

Be careful to avoid CWE-243 and other weaknesses related to jails.

Phase: Implementation

Strategy: Input Validation
Assume all input is malicious. Use an "accept known good" input validation strategy, that is, a whitelist of acceptable inputs that strictly conform to the specification. Reject any input that does not strictly conform to the specification, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed input (that is, do not rely on a blacklist). Blacklists can, however, be useful for detecting potential attacks or for deciding which inputs are so malformed that they should be rejected outright.

When validating input values, consider all potentially relevant properties: length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business-rule logic, "boat" may be syntactically valid because it contains only alphanumeric characters, but it is not valid if the developer is expecting colour names such as "red" or "blue".

To reduce the likelihood of code injection, use stringent whitelists that limit which constructs are allowed. If code that invokes a function is being constructed dynamically, verifying that the input is alphanumeric may be insufficient: an attacker may still be able to reference a dangerous function that was never intended to be reachable, such as system(), exec() or exit().
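The last paragraph describes a validation check that passes yet still permits code injection. The following added example (not part of the CWE entry) puts the two approaches side by side in PHP: a dispatcher that only checks that the operation name is alphanumeric, and one that treats the input purely as a key into a fixed allowlist. Both function names and the allowlist contents are hypothetical and chosen for this illustration.

```php
<?php
// Added example (not from the CWE entry). The entry warns that an
// alphanumeric check is not enough when user input selects which
// function to call. weakDispatch() and safeDispatch() are hypothetical.

// Weak: "system", "exec" and "exit" are all alphanumeric, so they pass
// ctype_alnum() and become the callable. Shown only to contrast with
// the fixed version; it is never invoked below.
function weakDispatch(string $op, string $arg): string {
    if (!ctype_alnum($op)) {
        throw new InvalidArgumentException('op must be alphanumeric');
    }
    return (string) $op($arg);   // variable function call: the CWE-94 pattern
}

// Fixed: the input never becomes code. It is only looked up in a fixed
// table; anything that is not a key of the table is rejected, and the
// callable that runs is always one chosen by the developer.
const ALLOWED_OPS = [
    'upper'   => 'strtoupper',
    'lower'   => 'strtolower',
    'reverse' => 'strrev',
];

function safeDispatch(string $op, string $arg): string {
    if (!array_key_exists($op, ALLOWED_OPS)) {
        throw new InvalidArgumentException("unknown op: $op");
    }
    $fn = ALLOWED_OPS[$op];
    return $fn($arg);
}

// Constructed inputs: "upper" is accepted; "system" would pass the
// alphanumeric check in weakDispatch() but is rejected by the allowlist.
foreach (['upper', 'system'] as $op) {
    try {
        echo "$op -> " . safeDispatch($op, 'hello') . "\n";
    } catch (InvalidArgumentException $e) {
        echo "$op -> rejected: " . $e->getMessage() . "\n";
    }
}
```

The design point is that the allowlist maps input tokens to callables rather than letting the token name a callable: ctype_alnum() answers "is this well-formed?", while array_key_exists() against ALLOWED_OPS answers "is this one of the things I intended to allow?", which is the question the mitigation actually requires.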

Phase: Testing

Use automated static analysis tools that target this type of weakness. Many recent techniques use data-flow analysis to minimise the number of false positives. Because 100% accuracy and coverage are not achievable by tool-based detection, this is not a complete solution.

Phase: Testing

Use dynamic tools and techniques that exercise the software with large test suites of many diverse inputs, such as fuzz testing (fuzzing), robustness testing and fault injection (deliberately triggering error conditions). The software may slow down, but it should not become unstable, crash, or produce incorrect results.

Phase: Operation

Strategy: Compilation or Build Hardening
Run the code in an environment that performs automatic taint propagation and prevents the execution of any command that uses a tainted variable, such as Perl's "-T" switch. This forces the program to perform validation steps that remove the taint, although care must be taken to validate inputs correctly so that dangerous input is not accidentally treated as untainted (see CWE-183 and CWE-184).

Relationships

Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Class | 74 | Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') | Development Concepts (primary) 699; Research Concepts (primary) 1000
ChildOf | Weakness Class | 691 | Insufficient Control Flow Management | Research Concepts 1000
ChildOf | Category | 752 | 2009 Top 25 - Risky Resource Management | Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) 750
ParentOf | Weakness Base | 95 | Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base | 96 | Insufficient Control of Directives in Statically Saved Code (Static Code Injection) | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base | 621 | Variable Extraction Error | Research Concepts (primary) 1000
ParentOf | Weakness Base | 627 | Dynamic Variable Evaluation | Development Concepts (primary) 699; Research Concepts (primary) 1000
MemberOf | View | 635 | Weaknesses Used by NVD | Weaknesses Used by NVD (primary) 635
CanFollow | Compound Element: Composite | 98 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion') | Development Concepts 699; Research Concepts (primary) 1000

Research Gaps

Many of these weaknesses are still under study and under-researched, and their naming is not yet sufficiently precise.

Taxonomy Mappings

Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | CODE | | Code Evaluation and Injection

Related Attack Patterns

CAPEC-ID | Attack Pattern Name (CAPEC Version 1.5)
35 | Leverage Executable Code in Nonexecutable Files
77 | Manipulating User-Controlled Variables

Update History

[2011-04-21]
  Updated to the data as of 2010-10-12
[2009-06-29]
  Created from the following URL, as of 2009-02-02
    http://cwe.mitre.org/data/definitions/94.html


Registered: 2011/04/21

Last updated: 2023/04/04