CWE-790: Improper Filtering of Special Elements
Learn about CWE-790 (Improper Filtering of Special Elements), its security impact, exploitation methods, and prevention guidelines.
What is Improper Filtering of Special Elements?
• Overview: Improper Filtering of Special Elements occurs when software receives data from an external source but fails to adequately sanitize or incorrectly handles special characters, which are then passed to another component without proper filtering.
• Exploitation Methods:
- Attackers can inject malicious code or commands through these unfiltered special elements.
- Common attack patterns include SQL injection, cross-site scripting (XSS), and command injection.
• Security Impact:
- Direct consequences include unauthorized data access, data corruption, or execution of unintended commands.
- Potential cascading effects involve compromise of entire system integrity, leading to further exploitation.
- Business impact could be severe, including data breaches, loss of customer trust, and potential legal liabilities.
• Prevention Guidelines:
- Specific code-level fixes include validating and sanitizing all input data, especially special characters, before processing.
- Security best practices involve implementing input validation and output encoding consistently throughout the application.
- Recommended tools and frameworks include using established libraries for input validation and adopting secure coding guidelines provided by organizations like OWASP.
Technical Details
Likelihood of Exploit: Not specified
Affected Languages: Not specified
Affected Technologies: Not specified