Type Conversion Errors: How A Little Data Type Can Do A Whole Lot Of Damage presented at Blackhat USA 2007

by Jeff Morin,

Tags: Security

Summary : In the realm of application testing, one
of the major, but most often overlooked vulnerabilities, is that of
type conversion errors. These errors result from input variable values
being used throughout the many areas and codebases that make up the
application, and in doing so, are potentially treated as different data
types throughout the processing. The application functions correctly and
without issue because the values of the input variable are anticipated,
even though they are treated in different areas as different data
types. The issue arises then when a value is input into one of these
variables that is crafted in such a way as to be successfully
manipulated by some data types, while failing others, resulting in the
application behaving in unanticipated and potentially dangerous ways.
These vulnerabilities are much more difficult to identify than simple
error-based SQL injection or XSS as they don't readily display success
or failure, rather can manifest themselves in other areas or at a later
time. This also makes them very dangerous in that the application
behaves in completely unanticipated ways, potentially resulting in
circumvented authentication and authorization, Denial of Service,
elevated privileges, etc.