Buffer Over?¬‚ ows
Popularity: 8
Simplicity: 2
Impact: 10
Risk Rating: 9
Buffer overflows are one of the more complex injection attacks, as they take advantage
of developers misusing memory. Like command injection, a successful buffer overflow
attack gives the attacker complete control of the remote machine.
This section is intended to give you a feel for buffer overflows, but it does not discuss buffer overflows
in technical detail. You can consult other texts and articles such as Aleph One??™s classic ???Smashing
The Stack For Fun And Profit??? in Phrack magazine (www.phrack.org/archives/49/P49-14) for more
information on buffer overflows.
Chapter 1: Common Injection Attacks 17
Some programming languages, such as C and C++, place memory management
responsibilities on the developer. If the developer is not careful, user input could write to
memory that was not intended to be written to. One such memory location is called the return
address of a stack. The return address holds the memory address of the next machine instruction
block to execute. If an application is vulnerable to buffer overflows, an attacker could send a
very long string to the web application??”longer than the developer expected.
Pages:
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80