Questions tagged [exploit]

An exploit is a piece of software, a chunk of data, or sequence of commands that takes advantage of a bug, glitch, or vulnerability in order to cause unintended or unanticipated behavior to occur. This frequently includes such things as gaining control of a computer system, allowing privilege escalation, or a denial of service attack.

790 questions
4 votes, 2 answers

Sanitizing MySQL user parameters

What are the dangerous characters that should be replaced in user input when the users' input will be inserted in a MySQL query? I know about quotes, double quotes, \r and \n. Are there others? (I don't have the option of using a smart connector that…
Tom · 6,991 · 13 · 60 · 78
4 votes, 5 answers

Detecting exploits in web applications and how to proceed

What ways are there for detecting exploits in PHP/MySQL web applications (checking for certain characters or pieces of code in the GET, POST, COOKIE arrays / using a library with a database that has all the patterns for common exploits, if any…
TheMagician · 1,846 · 7 · 20 · 26
4 votes, 1 answer

What are the "missing" spaces on the stack used for?

I have this function: int vulnerableFunc(char *input) { char buffer[256]; memcpy(buffer, input, 1024); return 1; } When I call it with 2000 "A" and disassemble it with OllyDbg on a 32-bit Windows XP machine, I get the following…
user962460 · 153 · 1 · 8
4 votes, 2 answers

Hacking - The Art of Exploitation: debugging buffer overflow example

I'm reading the book "Hacking - The Art of Exploitation". There is an example on a stack buffer overflow. This is a part of the source of the attacked program, "notesearch": char searchstring[100]; // ... if(argc > 1) …
Harry · 1,105 · 8 · 20
4 votes, 1 answer

Why can "ulimit -s unlimited" de-ASLR in an overflow?

I know the ulimit -s unlimited trick (to fix the address of libc), but I don't understand the fact behind it. Could anyone help me with an explanation? Thx
user2579274 · 279 · 1 · 5 · 11
4 votes, 2 answers

execle() also specifies the environment. What does that mean?

I am reading a book called "Hacking: The art of exploitation" and I came across this paragraph: With execl(), the existing environment is used, but if you use execle(), the entire environment can be specified. If the environment array is just…
matanc1 · 6,525 · 6 · 37 · 57
4 votes, 2 answers

Blackhole Exploit / Javascript

My site got infected by the well-known Blackhole exploit. After some days and some help scripts I guess I fixed it now. I'm wondering what this exploit…
lufi · 610 · 7 · 29
4 votes, 1 answer

Return To Libc with Null byte in the addr

I am trying to perform a return to libc format string attack, but the address I want to write to ( 0x0804a000) has a null byte in it!! I have to read in my format string to snprintf so the null byte causes it to malfunction and Segfaults randomly.…
user1455332 · 121 · 7
4 votes, 1 answer

Trapping Bad Behavior with rewrite -phpmyadmin anywhere in URL

I'm hoping someone can help as I'm a bit of a noob when it comes to Apache mod_rewrite, and getting this one wrong can screw things up pretty bad. While going through my security logs I noticed that almost 50% of the attacker bots had the string…
3 votes, 2 answers

Windows console application with gets() ROP exploit

I'm trying (for learning purposes) to take advantage of the gets() function vulnerability using the return-oriented programming (ROP) technique. The target program is a Windows console application that at some point asks for some input, and then uses gets()…
Alex Lipov · 13,503 · 5 · 64 · 87
3 votes, 1 answer

Understanding Metasploit's Meterpreter payload

I would like to get more in-depth knowledge of how the Meterpreter works. If you disassemble the payload windows/meterpreter/reverse_tcp, created by msfpayload with the following commands: $ msfpayload windows/meterpreter/reverse_tcp…
Erik · 11,944 · 18 · 87 · 126
3 votes, 0 answers

Security: How come we still hear about many stack execution security flaws?

Security: How come we still hear about many stack execution security flaws even though mechanisms such as the NX bit, DEP and ASLR have existed for so many years? Have hackers found ways to circumvent these? When looking through relatively recent fixed security…
thedrs · 1,412 · 12 · 29
3 votes, 1 answer

Java - How is dynamic jar loading exploitable?

I'm working on a closed source Java app that analyzes JAR files. Since Java can be easily decompiled, and obfuscation really isn't a big deal, I want to provide an online service that will execute the app on my server and return its result much…
YLivay · 125 · 1 · 8
3 votes, 1 answer

PHP code in .gif exploit

I need to know how to generate a GIF with PHP code inside, or how to modify a GIF to add this, so that I can perform a test on our avatar upload plugin in WordPress - I just want to ensure it is secure. Or if someone has a test image already, which I…
Chris · 2,340 · 6 · 40 · 63
3 votes, 3 answers

Vulnerability & Exploit Case Studies

I understand the general idea of how vulnerabilities are exploited. Buffer overflows and stuff like that, but I guess I don't REALLY get it. Are there useful sources of information that explain this area well? Maybe case studies about how…
carrier · 32,209 · 23 · 76 · 99