SAMATE Logo NIST Logo The SAMATE Project Department of Homeland Security
Downloads:  Download this Test Case #156477

Back to the previous page... Back to the previous page

Test Case IDCandidate156477
Bad / Good / MixedBadBad test case
AuthorIARPA STONESOUP Test and Evaluation team
Associations
Test suite: 102  
Application: 12  
Added byCharles Oliveira
LanguageJava
Type of test caseSource Code
Input string
Expected Output
Instructions
See src/build.xml.
Submission date2015-10-06
DescriptionUsing Hibernate to execute a dynamic SQL statement
with built-in user-controlled input can allow an attacker to
modify the statement's meaning or to execute arbitrary SQL commands.

Metadata
- Base program: Apache JMeter
- Source Taint: SOCKET
- Data Type: SIMPLE
- Data Flow: BASIC
- Control Flow: SEQUENCE
File(s)
Flaw

There are no comments
Have any comments on this test case? Please, .

File Contains:
CWE-564: SQL Injection: Hibernate on line(s): 693, 694, 695, 696, 697, 698, 699, 700, 701, 702, 703, 704, 705, 706, 707, 708, 709, 710, 711, 712, 713, 714, 715, 716, 717, 718, 719, 720, 721, 722, 723, 724, 725, 726, 727, 728, 729, 730, 731, 732