exploit

I can't use malicious reflection to view values of private fields

五迷三道 submitted on 2019-12-11 15:07:48
Question: I can get the value of the protected field, but the private field throws java.lang.IllegalAccessException. I think I know why I'm getting this exception, but how is reflection used to exploit the contents of private fields, how do I get around this? Programmer Hat is on I have created the following Vulnerable class in a NetBeans project. I have made a Jar file to distribute it. public class Vulnerable { private int privateSecret; protected int protectedSecret; int secret; public Vulnerable()

Reflection improvements to access field secret, when field type is unknown

妖精的绣舞 submitted on 2019-12-11 14:34:25
Question: I am learning about Security and looking at storing secrets in the clear. When I retrieve the contents of a private field, it returns an Object. My mal code correctly assumes and casts the Object as an int, however if I change/parse the field type from int secretInt = 42; to String secretInt = (new Integer(42).intValue()).tostring the Mal code fails miserably. EDIT: The unusual wrapping (new Integer(42).intValue()).tostring is created by an automated parser, it is not written by a programmer.

How to inject PHP code with $_SERVER['REQUEST_URI']

跟風遠走 submitted on 2019-12-11 10:49:02
Question: The following from a PHP webpage looks to me like some code which could be exploited. # Maps a uri like questions/ask/index.php?anything=something to questions/ask/index.php $path = substr($_SERVER['REQUEST_URI'], 0, strpos($_SERVER['REQUEST_URI'], "?")); Can one of the following statements be exploited by an attacker sending PHP syntax in the request uri? And if so, how do you avoid that? Variant 1: header('Location: http://'.$_SERVER['SERVER_NAME'].$_SERVER['REQUEST_URI'].'&tag='.$tags);

C: return address of function (mac)

北城余情 submitted on 2019-12-11 06:25:55
Question: following short C program: void foo(int a, int b) { printf("a = %p b = %p\n", &a, &b); } main() { foo(1, 2); } ok, now I used gdb to view this program. I got as output: a = 0x7fff5fbff9ac b = 0x7fff5fbff9a8 and stopped execution after the output (in foo()). now I examined 0x7fff5fbff9ac and the content was: 1....correct then 0x7fff5fbff9a8 and the content: 2...correct now I wanted to view the return address of the function and examined (a + 4 bytes) with: x/g 0x7fff5fbff9b1 (8 bytes!! address

Do canaries prevent return-into-libc and return-oriented programming attacks?

 ̄綄美尐妖づ submitted on 2019-12-09 05:19:56
Question: I am trying to understand if/how return-into-libc and return-oriented programming exploits are possible if a canary is being used. A canary would be placed on the stack in between the return value and the buffer to be overflown, and would need to be overwritten in order to change the return value to the location of a library function or computation. Canaries have been around since 1997 (StackGuard) and ROP is a technique first introduced in 2007 (Shacham). Does a canary make these types of

Trying to smash the stack

不羁岁月 submitted on 2019-12-09 05:03:09
Question: I am trying to reproduce the stackoverflow results that I read from Aleph One's article "smashing the stack for fun and profit" (can be found here: http://insecure.org/stf/smashstack.html). Trying to overwrite the return address doesn't seem to work for me. C code: void function(int a, int b, int c) { char buffer1[5]; char buffer2[10]; int *ret; //Trying to overwrite return address ret = buffer1 + 12; (*ret) = 0x4005da; } void main() { int x; x = 0; function(1,2,3); x = 1; printf("%d\n",x); }

Write a simple C arbitrary code execution exploit on ARM Cortex-M3?

混江龙づ霸主 submitted on 2019-12-07 04:40:57
Question: I'm trying to write a proof of concept in C that demonstrates code execution from a memory buffer in the stack on an ARM Cortex-M3. This will be useful to demonstrate that using the ARM MPU correctly can prevent such an attack. I figured a quick and dirty way to get some code into the stack is to copy it from a regular function and then use a goto to jump to it like so: static void loopit(void) { printf("loopit\n"); while (1); } void attack(void) { uint8_t buffer[64] __attribute__((aligned(4)

Executing shellcode stored in environment variable using buffer overflow

我与影子孤独终老i submitted on 2019-12-06 13:47:08
Question: I'm using the code below to try to execute some shellcode stored in an environment variable by overflowing the searchstring variable so that the return address of main contains the address of the environment variable. However, I get a segmentation fault before the printf command. #include <stdio.h> #include <string.h> void main(int argc, char *argv[]){ char searchstring[100]; if(argc > 1) strcpy(searchstring, argv[1]); else // otherwise searchstring[0] = 0; printf("Here"); } I compile the

How to guard against Resource exhaustion and other vulnerabilities?

岁酱吖の submitted on 2019-12-06 07:12:34
Question: We happened to use IBM AppScan http://www-01.ibm.com/software/awdtools/appscan/ against our Java codebase, and it returned around 3000 high severity vulnerabilities. Most of them happen to be System Information Leak, which it thinks is happening when we print stack traces in the catch blocks, but we only print the filename and line number it is happening, enabling us to debug the code better. And some are about SQL injection, input validation etc. But, my question was about Resource

execle() also specifies the environment. What does that mean?

允我心安 submitted on 2019-12-06 06:16:02
Question: I am reading a book called "Hacking: The art of exploitation" and I came across this paragraph: With execl(), the existing environment is used, but if you use execle(), the entire environment can be specified. If the environment array is just the shellcode as the first string (with a NULL pointer to terminate the list), the only environment variable will be the shellcode. This makes its address easy to calculate. In Linux, the address will be 0xbffffffa, minus the length of the shellcode in