Lack of data validation - Numbers

Description

There is insecure functionality that can break the current business logic and negatively impact the business.

Impact

Carry out transactions with a lower value than it should be.

Recommendation

Validate that the values of the transaction drafts do not travel in the request or that when they are modified, the request is cancelled.

Threat

Authenticated attacker from the Internet.

Expected Remediation Time

⌚ 30 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: N
  • Attack complexity: L
  • Privileges required: L
  • User interaction: N
  • Scope: U
  • Confidentiality: N
  • Integrity: H
  • Availability: N

Temporal

  • Exploit code maturity: X
  • Remediation level: X
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X
  • Score:
    • Base: 6.5
    • Temporal: 6.5
  • Severity:
    • Base: Medium
    • Temporal: Medium

Code Examples

Compliant code

The application validates the transaction values before submitting them and aborts the request if any value was modified.

item.addEventListener("submit", function (e) {
  e.preventDefault();
  const formData = new FormData(this);
  // Application routine that checks the draft amount against the
  // server-side record; 200 means the amount is unchanged
  const confirmationCode = confirm(e.submitter.transactionDraft);
  if (confirmationCode === 200) {
    // Set the request data with the confirmed transaction amount
    formData.set(e.submitter.name, e.submitter.transactionDraft);
    fetch(pagePath, {
      method: "post",
      body: formData
    })
      .then(function (response) {
        return response.text();
      })
      .catch(function (error) {
        // Application helper that shows the error to the user
        return Message("Invalid data");
      });
  }
  // Any other confirmation code: the request is cancelled
});

Non compliant code

The application does not validate the transaction values after they were modified.

item.addEventListener("submit", function (e) {
  e.preventDefault();
  const formData = new FormData(this);
  // Set the request data with an unvalidated transaction draft:
  // whatever amount the client holds is sent as-is
  formData.set(e.submitter.name, e.submitter.transactionDraft);
  fetch(pagePath, {
    method: "post",
    body: formData
  })
    .then(function (response) {
      return response.text();
    })
    .catch(function (error) {
      // Application helper that shows the error to the user
      return Message("Invalid data");
    });
});
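The client-side check above can be bypassed by anyone who edits the request, so the recommendation also has to hold on the server. The following is an added example, not code from the original page: a back-end check that keeps the authoritative draft amount and cancels the request when the amount that travelled in it was modified. The `drafts` store, the request body shape and the `draftId` field are constructed for this example.

```javascript
// Constructed store of transaction drafts the server created earlier.
const drafts = new Map([
  ["draft-1001", { account: "acc-42", amount: 1500.0, currency: "USD" }],
  ["draft-1002", { account: "acc-42", amount: 80.25, currency: "USD" }],
]);

// Strict numeric parsing: accept only a plain positive decimal amount with at
// most two decimals, rejecting values a lenient Number() would still coerce
// (" 15 ", "1e3", "0x10", "", null, negative numbers).
function parseAmount(raw) {
  if (typeof raw === "number") {
    return Number.isFinite(raw) && raw > 0 ? raw : null;
  }
  if (typeof raw !== "string" || !/^\d+(\.\d{1,2})?$/.test(raw)) return null;
  const value = Number(raw);
  return value > 0 ? value : null;
}

// Validates a submitted transaction against the stored draft.
// Returns { ok: true, amount, currency } or { ok: false, reason }.
function validateTransaction(store, body) {
  const draft = store.get(body.draftId);
  if (!draft) return { ok: false, reason: "unknown draft" };

  // First option from the recommendation: the amount never travels with the
  // request, so the stored draft is used as-is and nothing needs comparing.
  if (body.amount === undefined) {
    return { ok: true, amount: draft.amount, currency: draft.currency };
  }

  // Second option: the amount travelled, so cancel if it was modified.
  const submitted = parseAmount(body.amount);
  if (submitted === null) return { ok: false, reason: "malformed amount" };
  // Compare in integer cents so 80.25 and "80.25" match and 80.24 does not.
  if (Math.round(submitted * 100) !== Math.round(draft.amount * 100)) {
    return { ok: false, reason: "amount modified in transit" };
  }
  // From here on only the server-side value is used, never the client's.
  return { ok: true, amount: draft.amount, currency: draft.currency };
}
```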

Requirements