发表新帖
发表新帖

How to conduct buffer overflow in PHP/Python?

后端 未结
关注
6 655
梦谈多话
梦谈多话 2020-12-11 05:18

Here is an example in c:

#include 
#include 

void bad() {
    printf(\"Oh shit really bad~!\\r\\n\");
}

void foo() {
    cha
相关标签:
6条回答
  • 心在旅途
    2020-12-11 05:39

    We're sorry: you've reached a weakness in Python. Unfortunately, it's by design, so little can be done about it. Perhaps you should stay with C.

    As Martin v. Löwis said:

    Python does not support buffer overflows, sorry.

    PS Wow. It seems like a few months ago that I read that post, and yet it's been 7 years and a day.

    0 讨论(0)
  • 日久生厌
    2020-12-11 05:43 
    import sys
import socket

for carg in sys.argv:

    if carg == "-S":

        argnum= sys.argv.index(carg)

        argnum +=1

        host = sys.argv[argnum]

    elif carg == "-p":

        argnum = sys.argv.index(carg)

        argnum +=1

        port = sys.argv[argnum]

buffer = "\x41"* 3000

s= socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.connect((host,port))

s.send("USV" + buffer)

s.close()
    0 讨论(0)
  • 死守一世寂寞
    2020-12-11 05:44

    Doing something similar in PHP will not result in the same behavior.

    PHP is interpreted and always checks whether the operation you are doing or not is valid.. So you can't - for example - overrun a buffer.

    0 讨论(0)
  • 感情败类
    2020-12-11 05:52

    The fact that Python and PHP are interpreted like suggested by others isn't actually the point. The point is that almost all of the APIs and language semantics that they expose are heavily error-checked making it impossible to have exploitable undefined behavior. Even if you compile the languages, it would still be impossible. This doesn't mean that you couldn't expose unsafe APIs that can do whatever. In fact, using Pythons ctypes module, it should be possible to create a similar behavior, but significantly harder to do so by accident.

    0 讨论(0)
  • 北荒
    2020-12-11 05:55

    Because php,python and every interpreted language first have to go through an interpreter and you dont have the full access to the memory this kind of languages will not let you to do some kind of games like the code you posted.

    0 讨论(0)
  • 说谎
    2020-12-11 05:56

    As PHP is a scripting language and has no pointers and the string type is binary-safe such things won't work in PHP.

    But why would you want to do such a thing?

    (oh, there might be bugs in PHP resulting in a buffer overflow, but that's nothing that canbe relied upon in any way and usually is fixed quite ffast...)

    0 讨论(0)
 看不清?
提交回复
热议问题