1 vote
Given the following:

//TODO - should this be odbc or jdbc?
var odbcString = getParameterByName ("queryString", "dbConnector");
doc.innerHTML = "DB connector: " + odbcString + "";
.appendChild (doc);

Which of the following vulnerabilities is present in the above code snippet?

A. Disclosure of database credential
B. SQL-based string concatenation
C. DOM-based injection
D. Information disclosure in comments

by User Sal Prima (7.5k points)

1 Answer

2 votes

Final answer:

The code snippet is vulnerable to DOM-based injection due to the direct usage of a query string parameter in the DOM without proper sanitization.

Step-by-step explanation:

An attacker may be able to use the vulnerability to construct a URL that, if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The vulnerability present in the code snippet is C. DOM-based injection. The 'getParameterByName' function likely retrieves a query string parameter from the URL, which is then directly used to set HTML content without proper sanitization. This can result in an attacker being able to inject arbitrary HTML, JavaScript, or other client-side code into the page. This vulnerability could be exploited by crafting a malicious URL with a specially crafted 'queryString' parameter. To mitigate this issue, it is important to validate or encode the data before inserting it into the DOM.

by User Tauta (7.7k points)
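
The mitigation named in the answer (validate or encode before the value reaches the DOM), shown beside the vulnerable pattern. This is an added example, not code from the question or the answer. Assumptions: getParam is a hypothetical stand-in for getParameterByName, the parameter is called dbConnector, only "odbc" and "jdbc" are legal values (suggested by the TODO comment), and example.test is a placeholder host.

```javascript
// Added example. Runs in Node or a browser console; sample URLs are constructed.
// getParam is a hypothetical stand-in for the question's getParameterByName.
function getParam(url, name) {
  return new URL(url).searchParams.get(name) ?? "";
}

// Vulnerable pattern from the question: untrusted text concatenated into markup
// that is later assigned to innerHTML.
function renderUnsafe(value) {
  return "DB connector: " + value;
}

// Mitigation 1: HTML-encode, so an HTML sink renders the value as text.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}
function renderEncoded(value) {
  return "DB connector: " + escapeHtml(value);
}

// Mitigation 2: allow-list validation (assumed legal values: odbc, jdbc).
const ALLOWED_CONNECTORS = new Set(["odbc", "jdbc"]);
function validateConnector(value) {
  const v = String(value).trim().toLowerCase();
  return ALLOWED_CONNECTORS.has(v) ? v : null;
}

// In the browser, combine validation with a text sink instead of innerHTML.
// `el` is any element-like object with a textContent property.
function renderToDom(el, value) {
  const v = validateConnector(value);
  el.textContent = "DB connector: " + (v ?? "(invalid)");
  return el;
}

// Constructed inputs: one expected value, one carrying markup.
const benignUrl = "https://example.test/report?dbConnector=odbc";
const markupUrl = "https://example.test/report?dbConnector=" +
  encodeURIComponent("<img src=x onerror=alert(1)>");

console.log(renderUnsafe(getParam(markupUrl, "dbConnector")));      // markup reaches the sink intact
console.log(renderEncoded(getParam(markupUrl, "dbConnector")));     // markup is encoded
console.log(validateConnector(getParam(markupUrl, "dbConnector"))); // rejected
console.log(validateConnector(getParam(benignUrl, "dbConnector"))); // accepted
```

Encoding suits free-form values that must be displayed; the allow-list is the stronger control when, as here, the set of legitimate values is small and known.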