|
String exploits
|
|
Several implementation / design flaws are associated with string programming, some of those are associated with security exploits. Concatenation problems It is possible to cause String1 + User_Input_String + String2 to behave in unexpected ways by crafting unanticipated User_Input_String, such as having string2 ignored in processing. String termination In many environments, it is possible to truncate the string with clever input. * PHP: %00 (NUL) can terminate strings, when used for API calls that uses it to terminate strings. * Oracle: CHR(0) (NUL) can terminate strings when used for e.g. EXECUTE IMMEDIATE. Comment out characters In many environments, it is possible to "ask" the system to ignore the rest of the string, using "comment" characters. * Many languages: /* means ignore everything until a */ combination. * SQL: -- means ignore rest of line * Unix shells: # means ignore rest of line See also (other string problems) * Format string attack - unchecked <code></code> format strings are dangerous * Buffer overflow - Buffer overflows often occurs in unsafe string functions * Cross-site scripting - unsafe output of input strings * Directory traversal - concatenating strings to create a filename is not a good idea * SQL injection - concatenating strings to create a SQL statement is not a good idea See Also
|
| < Prev | Next > |
|---|
Main Menu
| Home |
| Articles |
| Search |
| Submit Article |
| Contact Us |
| Donate to Wikibin |
