Questions tagged [exploit]

An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur. This frequently includes such things as gaining control of a computer system, allowing privilege escalation, or a denial of service attack.

790 questions
3 votes, 1 answer

Algorithm to check unique email taking into account gmail’s +

I have a registration form with a freebie gift and people are misusing it by registering as jo+1@gmail.com, jo+2@gmail.com. Are there any standard algorithms that I can run on my email records to verify this scenario? One where I can take…
Quintin Par
3 votes, 1 answer

How do doctored image exploits for image viewers work? Can they be defeated with managed code and random pixel alterations?

I have read that some image viewers were hacked by appropriately doctored images (in a format particularly suited for that? not sure about the details). So, how could this threat be completely eliminated? For instance, suppose we make a viewer for…
EndangeringSpecies
2 votes, 3 answers

access() Security Hole

I've been doing some shell writing and came across a recommendation for access() to check whether a file exists, can be read, etc. Seems super easy to implement and faster than stat(). When I started looking at the man page for it, I noticed that…
Trevor Arjeski
2 votes, 1 answer

Jinja2 SSTI filter bypasses

I'm doing a Capture The Flag (CTF) and I'm trying to exploit a server vulnerable to Jinja2 Server Side Template Injection (SSTI). I can't use the following characters: \, |, ,, . and _. I'm trying to write the following…
faint
2 votes, 1 answer

Using eval() to assess user input and some condition. What alternatives?

First, to provide some context, I am designing a console based version of Blackjack for entertainment and learning purposes. The code below was my solution to evaluate different conditions given user input. The function below handles sleep times and…
2 votes, 2 answers

Session fixation attack replication, term paper (php)

I'm trying to replicate session fixation for my term paper and I've found quite a few tips here, but I can't replicate an attack on my localhost. I've tried an example from here: http://www.devshed.com/c/a/PHP/Sessions-and-Cookies/2/ fixation.php:
abaddon
2 votes, 1 answer

How can I find the proper zone_map offset for v0rtex exploit on iOS 9.3.5?

I am building an APNonce setter tool with the aid of siguza’s v0rtex exploit and for now, I have most of the offsets I need, but zone_map offset seems to be wrong no matter what I do. What I tried: I decrypted the kernel and loaded it in IDA on…
danielBinx
2 votes, 1 answer

What does the line "/mifs/.;/services/LogService" mean?

I am trying to understand CVE-2020-15505 [RCE on MobileIron MDM] from some references such as https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html. They all start their exploit by using "POST…
2 votes, 0 answers

Error with the Zerologon POC on Samba AC DC

I have a school project that requires me to emulate CVE-2020-1472 (Zerologon) in a local environment. I am currently trying to test the following GitHub script, but I am facing some issues that I haven't been able to solve since then. To summarize, I…
2 votes, 2 answers

Exploit on a C program with fgets()

This is a question from my exam, which happened earlier in the day: Consider the code snippet below. The goal of the attacker is to execute code of the attacker’s choosing, for example, to spawn a shell, or to erase the contents of the file…
Gokul
2 votes, 1 answer

My buffer overflow exploit only opens a regular user shell but not a root shell

I've been trying to get this very simple buffer overflow to work on my local kali machine, and after a lot of trial and error I finally got it to the point that it executes my shellcode and opens a /bin/bash shell - however, it's just a regular…
Geek Girl x0x0
2 votes, 1 answer

Is `Object.fromEntries()` secure from prototype pollution?

Consider the following simple example of prototype pollution in JavaScript: function sayHello(name) { console.log(`Hi ${name}!`); } // Pollute the prototype ({}).__proto__.toString = () => alert('hacked'); // Trigger the…
Pedro A
2 votes, 1 answer

Explanation of Facebook spam code

So, I've just seen this spam code on Facebook, written in JavaScript and I wondered if someone could explain to me how the code works, and interacts with Facebook. I do not intend to use this for malicious purposes, but I am simply interested in the…
James
2 votes, 0 answers

How can I get the memory address of a global variable using a Format String Attack in C?

Code is here: #include #define NUM 0x11a int data = NUM; int main(int argc, char * argv[]) { struct{ unsigned long memoryAddress; char array[50]; } locals; locals.memoryAddress= 2; scanf("%lx",…
Gardas462
2 votes, 1 answer

Smashing the Stack - Trouble finding return address

I've been reading "Smashing the Stack for Fun and Profit" and seem to be encountering a problem similar to what others have run into in the past; however, I cannot figure out why my code is still not working. What I'm trying to do: Consider the code…
cloudy_eclispse