The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Remote probing for the vulnerabilities described in this chapter carries

Download 5,76 Mb.

Pdf ko'rish

bet	870/875
Sana	01.01.2022
Hajmi	5,76 Mb.
	#293004

1 ... 867 868 869 870 871 872 873 874 875

Bog'liq
3794 1008 4334

Stack Overflows

Remote probing for the vulnerabilities described in this chapter carries

a high risk of denial-of-service to the application. Unlike vulnerabilities such

as weak authentication and path traversal, the mere detection of classic

software vulnerabilities is likely to cause unhandled exceptions within the

target application, which may cause it to stop functioning. If you intend to

probe a live application for these bugs, you must ensure that the application

owner accepts the risks associated with the testing before you begin.

Buffer Overflow Vulnerabilities

Buffer overflow vulnerabilities occur when an application copies user-

controllable data into a memory buffer that is not sufficiently large to accom-

modate it. The destination buffer is overflowed, resulting in adjacent memory

being overwritten with the user’s data. Depending on the nature of the vul-

nerability, an attacker may be able to exploit it to execute arbitrary code on the

server or perform other unauthorized actions. Buffer overflow vulnerabilities

have been hugely prevalent in native software over the years, and have been

widely regarded as the Public Enemy Number One that developers of such

software need to avoid.

Stack Overflows

Buffer overflows typically arise when an application uses an unbounded copy

operation (such as

strcpy

in C) to copy a variable-size buffer into a fixed-size

buffer without verifying that the fixed-sized buffer is large enough. For example,

Download 5,76 Mb.

Do'stlaringiz bilan baham:

1 ... 867 868 869 870 871 872 873 874 875