b:["$","$L16",null,{"children":[["$","$L17",null,{"category":"Functionality Abuse","href":"/wek/164","label":"164. Insecure service configuration","lastUpdated":"2024/02/15","title":"Insecure service configuration"}],["$","$L18",null,{"fixes":[{"fix":{"context":["Usage of C# for building robust and scalable applications","Usage of Microsoft.Extensions.DependencyInjection for dependency injection in .NET applications","Usage of Microsoft.AspNetCore.Mvc for building web applications with ASP.NET Core MVC"],"need":"Secure service configuration to prevent XSS attacks","solution":{"insecure_code_example":{"description":"In the provided code snippet, an ASP.NET Core application is being configured. The `ConfigureServices` method is used to set up the application's services during startup. Here, we add MVC to the application's services but do not specify any options.\n\nThe vulnerability here lies in the fact that we are not setting any `requestValidationMode` in our server configuration. This could potentially leave our application open to Cross-Site Scripting (XSS) attacks. \n\nIn an XSS attack, an attacker injects malicious scripts into content that is sent to a web browser. The browser then executes the script because it believes the script came from a trusted source. The script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. \n\nBy not setting a `requestValidationMode`, we are not instructing our application to validate requests for potentially harmful content, and this could enable an attacker to send such harmful content in a request.","text":"public void ConfigureServices(IServiceCollection services)\n{\n services.AddControllers()\n .AddMvcOptions(options => { });\n}"},"language":"csharp","secure_code_example":{"description":"$19","text":"public void ConfigureServices(IServiceCollection services)\n{\n services.AddControllers()\n .AddMvcOptions(options => \n {\n options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());\n });\n}"},"steps":["Set the requestValidationMode to a secure value in the server configuration files.","Configure the ASP.NET Core application to use the appropriate request validation mode.","Ensure that the requestValidationMode is set to a value that enables XSS protection.","Test the application thoroughly to ensure that the XSS vulnerability is mitigated."]},"title":"Insecure service configuration","vulnerability_id":"164","last_update_time":"09/18/2023"},"lang":"csharp"},{"fix":{"context":["Usage of Dart for building cross-platform applications","Usage of Shelf for managing and organizing data in a Node.js application"],"need":"Secure service configuration to prevent XSS attacks","solution":{"insecure_code_example":{"description":"In the above code, we are using the shelf framework to create a server that listens to requests on `localhost` at port `8080`. The `_echoRequest` function is used as a handler for all incoming requests. \n\nThe vulnerability lies in the fact that there is no validation or sanitization of the incoming requests. This means that if the incoming request contains a script (JavaScript for example), it will be echoed back in the response. \n\nThis makes the server susceptible to Cross-Site Scripting (XSS) attacks. An attacker can send a request containing a script, and when the server echoes back the script in the response, it can be executed in the user's browser, leading to potential data theft or other malicious activity.\n\nTo mitigate this vulnerability, we need to add request validation in the `_echoRequest` function to sanitize the incoming requests and prevent any potential XSS attacks.","text":"import 'package:shelf/shelf.dart' as shelf;\n\nvoid main() {\n var handler = const shelf.Pipeline().addMiddleware(shelf.logRequests())\n .addHandler(_echoRequest);\n\n io.serve(handler, 'localhost', 8080).then((server) {\n print('Serving at http://${server.address.host}:${server.port}');\n });\n}\n\nshelf.Response _echoRequest(shelf.Request request) {\n return shelf.Response.ok('Request for \"${request.url}\"');\n}"},"language":"dart","secure_code_example":{"description":"The original code was vulnerable to Cross-Site Scripting (XSS) attacks because it did not validate or sanitize input from requests. This is a common security issue where an attacker can inject malicious scripts into web pages viewed by other users.\n\nTo fix this vulnerability, we added a middleware to the server pipeline that filters out potential XSS attacks. This is done using the `shelf_xss_filter` package, which provides a middleware function `xssFilter()`. This function sanitizes any input from requests to prevent XSS attacks.\n\nThe `xssFilter()` middleware is added to the pipeline using the `addMiddleware()` function. This ensures that every request goes through the XSS filter before it is handled by the `_echoRequest` function.\n\nAfter applying this fix, the server will sanitize all incoming requests to prevent XSS attacks. This does not affect the functionality of the server, but it significantly improves its security.","text":"import 'package:shelf/shelf.dart' as shelf;\nimport 'package:shelf/shelf_io.dart' as io;\nimport 'package:shelf_xss_filter/shelf_xss_filter.dart';\n\nvoid main() {\n var handler = const shelf.Pipeline()\n .addMiddleware(shelf.logRequests())\n .addMiddleware(xssFilter())\n .addHandler(_echoRequest);\n\n io.serve(handler, 'localhost', 8080).then((server) {\n print('Serving at http://${server.address.host}:${server.port}');\n });\n}\n\nshelf.Response _echoRequest(shelf.Request request) {\n return shelf.Response.ok('Request for \"${request.url}\"');\n}"},"steps":["Identify the server configuration files in your project.","Locate the section where requestValidationMode is to be assigned.","Set the requestValidationMode to a secure setting. This setting will validate input from all requests to prevent XSS attacks.","Ensure that the setting is applied globally across all pages and not just specific ones.","Test the application to ensure that the new setting does not break any functionality.","Regularly review and update the server configuration to maintain security."]},"title":"Insecure service configuration","vulnerability_id":"164","last_update_time":"09/18/2023"},"lang":"dart"},{"fix":{"context":["Requirement of PHP 7.0 or later for running the application","Usage of Laravel framework for PHP web development"],"need":"Secure service configuration to prevent XSS attacks","solution":{"insecure_code_example":{"description":"This is a simple route in a Laravel application that accepts a user ID from the URL and returns a string. The problem with this route is that it does not validate the incoming request, which means that it could be susceptible to Cross-Site Scripting (XSS) attacks.\n\nIn an XSS attack, an attacker can inject malicious scripts into webpages viewed by other users. These scripts can be used to steal sensitive information like session cookies, or perform other malicious actions.\n\nIn this case, an attacker could potentially inject a script into the 'id' parameter of the URL. This script would then be executed whenever a user visits the URL.\n\nThis vulnerability could be mitigated by implementing request validation in the route. Laravel provides several ways to validate incoming requests, such as using the `validate` method or Form Request Validation.","text":""},"language":"php","secure_code_example":{"description":"$1a","text":" $id], [\n 'id' => 'required|integer',\n ]);\n\n if ($validatedData->fails()) {\n return response()->json($validatedData->errors(), 400);\n }\n\n return 'User '.e($id);\n });\n?>"},"steps":["Identify all places in your code where user input is directly used in responses.","Implement input validation to ensure that the user input is safe to use. This could be done by using Laravel's built-in validation rules or by creating custom validation rules.","Use Laravel's built-in functions for escaping output to prevent XSS attacks. For example, use the 'e' function to escape output, or use the `{{ }}` syntax in Blade templates, which automatically escapes output.","Configure your server to use a request validation mode. This can be done in the server configuration files. The request validation mode should be set to a value that provides a level of protection that is appropriate for your application.","Regularly update your Laravel framework to the latest version to benefit from the latest security patches and improvements."]},"title":"Insecure service configuration","vulnerability_id":"164","last_update_time":"09/18/2023"},"lang":"php"}],"id":"164","vulnerability":{"en":{"title":"Insecure service configuration","description":"No requestValidationMode is assigned in the server configuration files, which would allow XSS attacks.\n","impact":"Obtain sensitive information through XSS attacks.\n","recommendation":"Activate the recommended protection mechanisms as Request validation.\n","threat":"Anonymous attacker from the Internet.\n"},"es":{"title":"Insecure service configuration","description":"En los archivos de configuración del servidor no se asigna requestValidationMode, lo que permitiría ataques XSS.\n","impact":"Obtener información sensible mediante ataques XSS.\n","recommendation":"Activar los mecanismos de protección recomendados como Request Validation.\n","threat":"Atacante anónimo desde internet.\n"},"category":"Functionality Abuse","examples":{"non_compliant":"The application does not request validation mode\n```html\n\n \n \n\n```\n","compliant":"The application enables request Validation mode\n```html\n\n \n \n\n```\n"},"remediation_time":"60","score":{"base":{"attack_vector":"N","attack_complexity":"H","privileges_required":"N","user_interaction":"R","scope":"U","confidentiality":"L","integrity":"N","availability":"N"},"temporal":{"exploit_code_maturity":"P","remediation_level":"O","report_confidence":"R"}},"score_v4":{"base":{"attack_vector":"N","attack_complexity":"H","attack_requirements":"N","privileges_required":"N","user_interaction":"A","confidentiality_vc":"L","integrity_vi":"N","availability_va":"N","confidentiality_sc":"N","integrity_si":"N","availability_sa":"N"},"threat":{"exploit_maturity":"P"}},"requirements":["185","266"],"metadata":{"en":{"details":"__empty__"}},"last_update_time":"02/15/2024"}}]]}]