String exploits

Several implementation and design flaws are associated with string handling; some of them lead directly to security exploits.

Concatenation problems

It is possible to make String1 + User_Input_String + String2 behave in unexpected ways by crafting an unanticipated User_Input_String, for example one that causes String2 to be ignored during processing.

String termination

In many environments, it is possible to truncate the string with clever input.
  • PHP: %00 (NUL) can terminate strings when the input reaches API calls that treat NUL as the string terminator.
  • Oracle: CHR(0) (NUL) can terminate strings when used in, for example, EXECUTE IMMEDIATE.

Comment out characters

In many environments, it is possible to "ask" the system to ignore the rest of the string, using "comment" characters.
  • Many languages: /* means ignore everything until a */ combination.
  • SQL: -- means ignore the rest of the line.
  • Unix shells: # means ignore the rest of the line.
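
The truncation described in the concatenation, string-termination and comment-character sections above, modelled in Python as an added example (not code from the original page): effective_string is a simplified stand-in for a NUL-terminated C API, a SQL parser and a shell, build is the naive String1 + User_Input_String + String2 concatenation, and find_truncator is the defensive check that rejects a fragment carrying any of these markers. The consumer names and regexes are assumptions of this example, not a model of any real engine.

```python
import re

# Markers from the page after which a consumer stops acting on the string.
# Each entry is (marker, regex for the marker plus the text it swallows).
# Simplified model for illustration only, not a parser for any real engine.
TRUNCATORS = {
    "c":     [("\x00", r"\x00.*")],                               # NUL ends a C string
    "sql":   [("\x00", r"\x00.*"), ("/*", r"/\*.*?\*/"), ("--", r"--[^\n]*")],
    "shell": [("\x00", r"\x00.*"), ("#", r"#[^\n]*")],
}

def effective_string(s: str, consumer: str) -> str:
    """Return the part of s the named consumer would actually process."""
    out = s
    for _marker, pattern in TRUNCATORS[consumer]:
        out = re.sub(pattern, "", out, flags=re.S)
    return out

def build(prefix: str, user_input: str, suffix: str, consumer: str):
    """The page's naive String1 + User_Input_String + String2.
    Returns (intended, effective, suffix_lost) so the damage is visible."""
    intended = prefix + user_input + suffix
    effective = effective_string(intended, consumer)
    return intended, effective, suffix not in effective

def find_truncator(user_input: str, consumer: str):
    """Defensive check on the untrusted fragment alone: return the first
    truncation marker it contains, or None if it is clean. Rejecting such
    fragments (or, better, never concatenating at all: parameterised
    queries, path-joining APIs, argv lists instead of shell strings)
    keeps String2 from being silently dropped."""
    for marker, _pattern in TRUNCATORS[consumer]:
        if marker in user_input:
            return marker
    return None

if __name__ == "__main__":
    # Constructed sample inputs: a filename fragment and a SQL name fragment.
    for args in [("/var/www/", "a\x00", ".txt", "c"),
                 ("SELECT * FROM t WHERE name='", "x' --", "' AND active=1", "sql")]:
        intended, effective, lost = build(*args)
        print(repr(intended), "->", repr(effective), "suffix lost:", lost,
              "marker:", repr(find_truncator(args[1], args[3])))
```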

See also (other string problems)

  • Format string attack - unchecked *printf format strings are dangerous
  • Buffer overflow - buffer overflows often occur in unsafe string functions
  • Cross-site scripting - unsafe output of input strings
  • Directory traversal - concatenating strings to create a filename is not a good idea
  • SQL injection - concatenating strings to create a SQL statement is not a good idea