disclaimer

Mari Wahl 2015-02-12 18:42:26 -08:00
parent ab05e249d4
commit 4863f37c43

@ -5,7 +5,7 @@
* Unbounded data copying is bad.
* Lots of APIs:
* Lots of APIs:
- strcpy()
- strcat()
- sprintf()
@ -151,10 +151,10 @@ return 1;
}
```
### Integer Overflow Exploitation
### Integer Overflow Exploitation
* In the code below, buf is intend to have enough space +1 to store a NULL byte for a string.
* If the network data supplied is 0xFFFFFFF (max 32 bit value), when 1 is added, it will wrap to 0. This means that the length passed to malloc is zero bytes.
* In the code below, buf is intend to have enough space +1 to store a NULL byte for a string.
* If the network data supplied is 0xFFFFFFF (max 32 bit value), when 1 is added, it will wrap to 0. This means that the length passed to malloc is zero bytes.
* malloc() will return an under-sized buffer that allows memory corruption in read().
```
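Review bot: The two bullets rewritten under "Integer Overflow Exploitation" keep their errors, and since the lines are being touched anyway this is the place to fix them. `0xFFFFFFF` has seven F digits, which is 0x0FFFFFFF; adding 1 to that does not wrap to 0, so the value described as the max 32 bit value should be `0xFFFFFFFF`. Also, "buf is intend to" should read "buf is intended to", and the string terminator is a NUL byte rather than NULL.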
@ -227,3 +227,8 @@ void extractUserZip(char *userFile)
### C-codes
- Get env variable
----
## Disclaimer
Some of these scripts are older and some of them are not mine. If you see code you recognize here please let me know in a Issue so I can assign proper credit.
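Review bot: In the new Disclaimer paragraph, "in a Issue" should be "in an Issue". The text says some of the scripts are not the author's but does not say which ones; marking the borrowed snippets where they appear, or linking the issue tracker from this paragraph, would make it easier for readers to report the attribution the paragraph asks for.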