Details
Alert ID 90035
Alert Type Active
Status release
Risk High
CWE 1336
WASC 20
Technologies Targeted All
Tags CWE-1336
OWASP_2017_A01
OWASP_2021_A03
POLICY_API
POLICY_DEV_CICD
POLICY_DEV_FULL
POLICY_DEV_STD
POLICY_QA_FULL
POLICY_QA_STD
POLICY_SEQUENCE
WSTG-V42-INPV-18
More Info Scan Rule Help

Summary

When the user input is inserted in the template instead of being used as argument in rendering is evaluated by the template engine. Depending on the template engine it can lead to remote code execution.

Solution

Instead of inserting the user input in the template, use it as rendering argument.

Other Info

Proof found at [http://example.com/profile/?name=test] content: [<!DOCTYPE html> <html> <head> <title>Profile</title> </head> <body> <form action="/" method="post"> First name:<br> <input type="text" name="name" value=""> <input type="submit" value="Submit"> </form> <h2>Hello zj3790300zj</h2> </body> </html>Content-Type: text/html Date: Mon, 10 Jun 2024 12:33:36 GMT Connection: keep-alive Content-Length: 328 ]

References

Code

org/zaproxy/zap/extension/ascanrules/SstiScanRule.java