exploit

I'm trying to write a proof of concept in C that demonstrates code execution from a memory buffer in the stack on an ARM Cortex-M3. This will be useful to demonstrate that using the ARM MPU correctly can prevent such an attack. I figured a quick and dirty way to get some code into the stack is to copy it from a regular function and then use a goto to jump to it like so: static void loopit(void) { printf("loopit\n"); while (1); } void attack(void) { uint8_t buffer[64] __attribute__((aligned(4))); memcpy(buffer, loopit, sizeof(buffer)); goto *((void *) (int) buffer); } I would expect that when I

I'm using the code below to try to execute some shellcode stored in an environment variable by overflowing the searchstring variable so that the return address of main contains the address of the anvironment variable. However, I get a segmentation fault before the printf command. #include <stdio.h> #include <string.h> void main(int argc, char *argv[]){ char searchstring[100]; if(argc > 1) strcpy(searchstring, argv[1]); else // otherwise searchstring[0] = 0; printf("Here"); } I compile the code using gcc -m32 -g -o overflow.o overflow.c -fno-stack-protector -z execstack in order to disable the

We happened to use IBM appscan http://www-01.ibm.com/software/awdtools/appscan/ against our java codebase, and it returned around 3000 high severity vulnerabilities. Most of them happen to be System Information Leak, which it thinks is happening when we print stack traces in the catch blocks, but we only print the filename and line number it is happening, enabling us to debug the code better. And some are about SQL injection, input validation etc. But, my question was about Resource exhaustion (file descriptor, disk space, sockets, ...), and it lists all instances of java.io.BufferedReader

I am reading a book called "Hacking: The art of exploitation" and I came across this paragraph: With execl(), the existing environment is used, but if you use execle(), the entire environment can be specified. If the environment array is just the shellcode as the first string (with a NULL pointer to terminate the list), the only environment variable will be the shellcode. This makes its address easy to calculate. In Linux, the address will be 0xbffffffa, minus the length of the shellcode in the environment, minus the length of the name of the executed program. Since this address will be exact,

I've recently learned that it's possible to inject arrays into PHP GET variables to perform code execution? .php?a[]=asd&a[]=asdasd&b[]=$a That was the example I was given. I have no idea how it works and was wondering if this is even possible? PHP will parse the query string, and inject those values in the $_GET super-global array (same for $_POST if this was done in a form using POST, btw) . In your case, the $_GET array will contain this : array 'a' => array 0 => string 'asd' (length=3) 1 => string 'asdasd' (length=6) 'b' => array 0 => string '$a' (length=2) Each value passed in the query

I'm trying to exploit my format string bug, which lies in this program: #include <sys/types.h> #include <sys/uio.h> #include <unistd.h> #include <stdio.h> #include <string.h> void foo(char* tmp, char* format) { /* write into tmp a string formated as the format argument specifies */ sprintf(tmp, format); /* just print the tmp buffer */ printf("%s", tmp); } int main(int argc, char** argv) { char tmp[512]; char format[512]; while(1) { /* fill memory with constant byte */ memset(format, '\0', 512); /* read at most 512 bytes into format */ read(0, format, 512); /* compare two strings */ if (