Buffer Overflows

One of the most dangerous input attacks is a buffer overflow that specifically targets input fields in web apps. For example, a credit-reporting app might authenticate users before they are permitted to submit data or pull reports. The login form uses the following code to accept user IDs with a maximum input of 12 characters, as indicated by the maxsize variable:

<form name="Webauth" action="www.app.com/log-in.cgi" method="POST">

<input type="text" name="input_name" maxsize="12">

</form>

A normal login session would require a valid login name of 12 characters or less. However, the maxsize variable can be changed to something much larger, such as 150 or even 1,000, and a hacker can then enter bogus data in the login field. What happens next is anyone's guess: the application might hang, overwrite other data in memory, or crash the server.
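Because the limit in the form lives in the browser, the server-side handler has to measure the field itself. The following is an added example, not code from the original article: a C routine for a hypothetical log-in.cgi that pulls input_name out of a urlencoded POST body and rejects anything outside 1 to 12 characters, shown beside the unchecked copy it replaces. The function names, the allowed ID alphabet and the sample request bodies are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 12              /* the limit the form only advertises */
#define FIELD "input_name="      /* field name taken from the form above */

/* Unsafe pattern, shown for contrast and never called here: it assumes the
 * browser kept the value to 12 characters and writes past dst otherwise. */
void copy_name_unsafe(char dst[MAX_NAME + 1], const char *value) {
    strcpy(dst, value);
}

/* Hardened: locate input_name in a urlencoded POST body, measure the value on
 * the server, and reject (never truncate) anything outside 1..12 characters.
 * Returns 0 on success, -1 on rejection. */
int read_login_name(const char *body, char out[MAX_NAME + 1]) {
    const char *p = body;
    size_t flen = strlen(FIELD);
    while (p && strncmp(p, FIELD, flen) != 0) {  /* match only at a key start */
        p = strchr(p, '&');
        if (p) p++;
    }
    if (!p) return -1;                           /* field missing */
    p += flen;
    size_t n = 0;
    while (p[n] != '\0' && p[n] != '&') {
        /* Assumed ID alphabet: letters, digits, underscore. */
        if (!isalnum((unsigned char)p[n]) && p[n] != '_') return -1;
        if (++n > MAX_NAME) return -1;           /* too long: stop reading */
    }
    if (n == 0) return -1;                       /* empty value */
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

int main(void) {
    char name[MAX_NAME + 1];
    char big[160] = "input_name=";               /* constructed oversized body */
    memset(big + 11, 'A', sizeof big - 12);
    big[sizeof big - 1] = '\0';
    printf("normal:    %d\n", read_login_name("input_name=jsmith42&pw=x", name));
    printf("oversized: %d\n", read_login_name(big, name));
    return 0;
}
```

Rejecting the request outright, rather than truncating to 12 characters, also gives the server a clean event to log when a client ignores the form's limit.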

Hackers usually use buffer overflows to corrupt the execution stack of a web app. By sending carefully crafted input to a web app, a hacker can make the web app execute arbitrary code and probably take over the server.

Buffer overflow vulnerabilities can exist in the web server and application server products that serve the static and dynamic parts of a website, or in the web app itself.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]
