Sunday, January 23, 2011

Argument Injection or Modification

Description: Argument Injection or Modification is a type of injection attack. Modifying or injecting data as an argument may lead to results very similar to, and often the same as, those of other injection attacks. It makes no difference whether the attacker injects a system command into arguments or into any other part of the code.

Example: Knowing the pseudo code of the application, the attacker may guess which action the application requires before it performs another one, for example, what must be done for the attacker to be authorized as the administrator.
Reading the code below, the attacker doesn't know the values of $pass and $login. The question is: is it possible to alter the value of $authorized without knowing those variables?

// $authorized is never initialized before these checks
if($pass == "XXX" and $login == "XXX") { $authorized = 1; }
if($authorized == 1) { admin_panel(); }

If the server configuration allows for that, we may try to pass the argument $authorized=1 as input data to the application.
E.g. /index.php?user=&pass=&authorized=1
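
The pattern above next to a hardened version, as an added example that is not part of the original post. It assumes the server setting in question behaves like PHP's old register_globals (simulated here with extract()); the function names, credentials and query strings are constructed for illustration, and `login` is used as the parameter name to match the $login variable.

```php
<?php
// Added example: names, credentials and request data below are constructed.
// Real code would store a password hash and check it with password_verify().
const EXPECTED_LOGIN = 'admin';           // placeholder credential
const EXPECTED_PASS  = 'correct-horse';   // placeholder credential

// Vulnerable: extract() copies every request key into a local variable,
// as register_globals did, and $authorized is never initialized.
function is_admin_vulnerable(array $request): bool
{
    extract($request);
    if (isset($login, $pass) && $login == EXPECTED_LOGIN && $pass == EXPECTED_PASS) {
        $authorized = 1;
    }
    return isset($authorized) && $authorized == 1;
}

// Hardened: the decision variable starts at a known value, only the two
// expected keys are read, and the comparison is type-safe and constant-time.
function is_admin_hardened(array $request): bool
{
    $authorized = false;
    $login = $request['login'] ?? '';
    $pass  = $request['pass'] ?? '';
    if (is_string($login) && is_string($pass)
        && hash_equals(EXPECTED_LOGIN, $login)
        && hash_equals(EXPECTED_PASS, $pass)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed query strings: injected flag, valid login, wrong password.
$samples = [
    'login=&pass=&authorized=1',
    'login=admin&pass=correct-horse',
    'login=admin&pass=guess',
];

foreach ($samples as $query) {
    parse_str($query, $request);   // same parsing PHP applies to $_GET
    printf("%-32s vulnerable=%s hardened=%s\n", $query,
        var_export(is_admin_vulnerable($request), true),
        var_export(is_admin_hardened($request), true));
}
```

Only the first sample separates the two functions: the vulnerable one accepts the injected authorized=1 while the hardened one ignores it.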