String exploits

Several implementation / design flaws are associated with string programming, some of those are associated with security exploits.
Concatenation problems
It is possible to cause String1 + User_Input_String + String2 to behave in unexpected ways by crafting unanticipated User_Input_String, such as having string2 ignored in processing.
String termination
In many environments, it is possible to truncate the string with clever input.
* PHP: %00 (NUL) can terminate strings, when used for API calls that uses it to terminate strings.
* Oracle: CHR(0) (NUL) can terminate strings when used for e.g. EXECUTE IMMEDIATE.
Comment out characters
In many environments, it is possible to "ask" the system to ignore the rest of the string, using "comment" characters.
* Many languages: /* means ignore everything until a */ combination.
* SQL: -- means ignore rest of line
* Unix shells: # means ignore rest of line
See also (other string problems)
* Format string attack - unchecked <code></code> format strings are dangerous
* Buffer overflow - Buffer overflows often occurs in unsafe string functions
* Cross-site scripting - unsafe output of input strings
* Directory traversal - concatenating strings to create a filename is not a good idea
* SQL injection - concatenating strings to create a SQL statement is not a good idea
 
< Prev   Next >