Unchecked User Input

Improper input validation or unchecked user input is a type of vulnerability in computer software that may be used for security exploits. This vulnerability is caused when "[t]he product does not validate or incorrectly validates input that can affect the control flow or data flow of a program."

Examples include:

* Buffer overflow
* Cross-site scripting
* Directory traversal
* Null byte injection
* SQL injection
* Uncontrolled format string
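
The directory traversal and null byte injection cases from the list above can be illustrated with an added example (not part of the original page) that places an unvalidated file-name lookup beside a validated one. The storage root `/srv/app/uploads` and all function names are assumptions made for the illustration.

```python
import posixpath

BASE_DIR = "/srv/app/uploads"  # assumed storage root (constructed for this example)


class InvalidInput(ValueError):
    """Raised when a user-supplied file name fails validation."""


def unchecked_path(name: str) -> str:
    # No validation: the caller's string decides where the path ends up.
    return posixpath.normpath(posixpath.join(BASE_DIR, name))


def checked_path(name: str) -> str:
    # NUL bytes end the string early in C-level file APIs, so what the
    # application validated and what the OS opens can differ.
    if "\x00" in name:
        raise InvalidInput("NUL byte in file name")
    # Normalise first, then check the result, so "..", absolute paths and
    # sibling directories such as "uploads-evil" are all caught by one test.
    candidate = posixpath.normpath(posixpath.join(BASE_DIR, name))
    if candidate == BASE_DIR:
        raise InvalidInput("name does not refer to a file")
    if posixpath.commonpath([BASE_DIR, candidate]) != BASE_DIR:
        raise InvalidInput("path escapes the storage root")
    # Lexical check only: symlinks under BASE_DIR are not resolved here.
    return candidate


def is_accepted(name: str) -> bool:
    # Convenience wrapper: True when checked_path() accepts the name.
    try:
        checked_path(name)
        return True
    except InvalidInput:
        return False
```

The check is applied to the normalised path, not to the raw string, so it does not depend on spotting particular character sequences in the input.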

