In the following code, which line contains the vulnerability?
1  String username = req.getParameter("loginID");
2  String password = req.getParameter("loginPassword");
3  String sql = "SELECT UserID from Employee WHERE Emp_ID = ? AND Password=?";
4  pstmt = con.prepareStatement(sql);
5  pstmt.setString(1,username);
6  pstmt.setString(2,password);
7  pstmt.execute();
8  user = pstmt.getResultSet();
9  if(user!=null)
10 {
11     while (user.next())
12     {
13         userInfo.add(user.getString(1));
14     }
15 }
16 else
17 {
18     log.debug("Invalid Login: Login ID-"+ username+" Password-"+ password);
19 }
Line 5
Line 4
Line 18
Line 11
Identify the line on which the vulnerability exists:
1  public class performSearchAction extends HttpServlet{
2      // Servlet for Search Action
3      public void doPost(HttpServletRequest req, HttpServletResponse res)
4      {
5          try
6          {
7              ArrayList arrSearch = Util.performSearchAction(req, res);
8              req.setAttribute("SearchResults",arrSearch);
9              RequestDispatcher rd = getServletContext().getRequestDispatcher("/SearchResult.jsp");
10             rd.forward(req,res);
11         } catch (Exception e) {
12             log.debug("Exception occurred:"+e);
13         }
14     } //End of doPost method
15     public void doGet(HttpServletRequest req, HttpServletResponse res)
16     {
17         doPost(req,res);
18     } //End of doGet method
19 } //End of Class
Line # 12
Line # 9
Line # 17
Line # 8
Name the vulnerability that resides in the code below:
...
Runtime rt = Runtime.getRuntime();
Process proc = rt.exec("cmd.exe /c type "+request.getParameter("path")); // path is an input parameter and contains the file name.
InputStream stdin = proc.getInputStream();
InputStreamReader isr = new InputStreamReader(stdin);
BufferedReader br = new BufferedReader(isr);
...
Race Condition
Command Injection
Denial of Service
Cross Site Request Forgery
Are there any memory issues in the following code? Please assume that variable inputsize has the correct size.
int add_num_array(int inputsize, int num)
{
    int *newnum = malloc (inputsize * sizeof(int)); /* 1 */
    int i;
    for (i=0; i
No vulnerabilities are present
Line 1 should only use malloc(inputsize);
Line 2 should be for (i=0; i<=n, i++)
Line 1 should use calloc() instead of malloc()
What is the vulnerability in this code?
char output[20];
/* Assume data is a character array with value %200d asdf */
sprintf(output, data);
Buffer overflow
Off by one error
Format string vulnerability
No vulnerabilities are present in this code
int main(int argc, char * argv[]) { printf (argv[1]); }
What is the possible vulnerability in this code?
unsigned int total, userinput1, userinput2;
userinput1 = receiveInput();
userinput2 = receiveInput();
total = userinput1 + userinput2;
Integer overflow
Stack overflow
Data type mismatch
Which Compilation switch will you use to check Buffer Overflows?
/GS on Visual C++ and -fmudflap -fmudflapth -fmudflapir on GCC
/O in VC++ and -O2 in GCC
/S in VC++ and -fcrossjumping in GCC
/S in VC++ and -fno-function-cse in GCC
What can go wrong in the following code?
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[])
{
    if(argc != 3) {
        printf("usage: %s [source] [dest]\n", argv[0]);
        exit(1);
    }
    char x;
    FILE *file[2];
    file[0] = fopen(argv[1],"r+");
    file[1] = fopen(argv[2],"w+");
    for(x = 0; x < 2; x++) {
        if(file[x] == NULL) {
            printf("error opening file.\n");
            exit(1);
        }
    }
    do {
        x = fgetc(file[0]);
        fputc(x,file[1]);
    } while(x != EOF);
    for(x = 0; x < 2; x++)
        fclose(file[x]);
    return 0;
}
SQL Injection
Arc Injection
Buffer Overflow
both 2 and 3
Which compilation switch should be enabled for stack protection? Choose the best and most secure option.
fstack-protector
fstack-protector-all
fdelete-null-pointer-checks
Both a and b