String exploits

Several implementation and design flaws are associated with string programming, some of which are associated with security exploits.

Concatenation problems

It is possible to cause "String1 + User_Input_String + String2" to behave in unexpected ways by crafting an unanticipated User_Input_String, such as one that causes String2 to be ignored in processing.

String termination

In many environments, it is possible to truncate the string with clever input.
* PHP: %00 (NUL) can terminate strings when passed to API calls that use NUL to terminate strings.
* Oracle: CHR(0) (NUL) can terminate strings when used in e.g. EXECUTE IMMEDIATE.

Comment out characters

In many environments, it is possible to "ask" the system to ignore the rest of the string, using "comment" characters.
* Many languages: /* means ignore everything until a */ combination.
* SQL: -- means ignore rest of line
* Unix shells: # means ignore rest of line
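The three problems above (concatenation, NUL termination, comment characters) share one shape: the application relies on String2 being in force, but the consumer of the combined string stops reading early. The following added example (not part of the original article) models a NUL-terminated consumer and a SQL-style comment stripper, checks whether the suffix survives, and provides a defensive check for the sequences listed above; PREFIX, SUFFIX and the function names are constructed for illustration.

```python
import re

# Constructed for this example: "String1 + User_Input_String + String2",
# where the application depends on SUFFIX being honoured.
PREFIX = "SELECT name FROM users WHERE id = '"
SUFFIX = "' AND active = 1"

def c_string_view(s: str) -> str:
    """Model a NUL-terminated consumer: everything after the first NUL is lost."""
    nul = s.find("\x00")
    return s if nul < 0 else s[:nul]

def sql_effective_text(s: str) -> str:
    """Model a SQL parser: /* ... */ blocks (even unterminated ones) and
    '--' to end of line are comments and are not executed."""
    s = re.sub(r"/\*.*?(\*/|$)", "", s, flags=re.S)
    return re.sub(r"--[^\n]*", "", s)

def suffix_survives(user_input: str) -> bool:
    """True only if SUFFIX is still in force for both kinds of consumer."""
    combined = PREFIX + user_input + SUFFIX
    return (SUFFIX in c_string_view(combined)
            and SUFFIX in sql_effective_text(combined))

# Defensive check: the terminator and comment sequences named in the article.
# For SQL the real fix is a parameterized query rather than concatenation;
# this check is a detection aid, not a substitute for it.
FORBIDDEN = ("\x00", "--", "/*", "*/", "#")

def find_dangerous_sequences(user_input: str) -> list:
    """Return the forbidden sequences present in user_input (empty if clean)."""
    return [tok for tok in FORBIDDEN if tok in user_input]

if __name__ == "__main__":
    for sample in ("42", "42\x00", "42' --", "42/*"):
        print(repr(sample), suffix_survives(sample), find_dangerous_sequences(sample))
```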

See also (other string problems)

* Format string attack - unchecked *printf format strings are dangerous
* Buffer overflow - buffer overflows often occur in unsafe string functions
* Cross-site scripting - unsafe output of input strings
* Directory traversal - concatenating strings to create a filename is not a good idea
* SQL injection - concatenating strings to create a SQL statement is not a good idea


Wikimedia Foundation. 2010.
