You can override the PATH variable to point to a directory with your custom version of echo and since echo is executed using env, it isn’t treated as a built-in. This constitues a vulnerability only if the code is run as privileged user. In the example below file v.c contains the code from the question. … Read more
“Two xref tables and two %%EOF“? This alone is not an indication of a malicious PDF file. There can by two or even more instances of each, if the file was generated via the “incremental update” feature. (Each digitally signed PDF file is like that, and each file which was changed in Acrobat and saved … Read more
I think your sscanf example is wrong. It can still overflow when used that way. Try this, which specifies the maximum number of bytes to read: void main(int argc, char **argv) { char buf[256]; sscanf(argv[0], “%255s”, &buf); } Take a look at this IBM dev article about protecting against buffer overflows. In terms of testing, … Read more
The code takes the address of the local variable i to get a pointer into the current stack frame. Then, it aligns the address to 8K page (that is what you do with x & ~8191: 8191 is 2^13 – 1 which means ~8191 is all ones except the low 13 bits, so ANDing it … Read more
The JNDI feature was added into Log4j 2.0-beta9. Log4j 1.x thus does not have the vulnerable code.
When articles talk about parameterized queries stopping SQL attacks they don’t really explain why, it’s often a case of “It does, so don’t ask why” — possibly because they don’t know themselves. A sure sign of a bad educator is one that can’t admit they don’t know something. But I digress. When I say I … Read more
Yes, you can format the console.log() with something like this: console.log(“%cExtra Large Yellow Text with Red Background”, “background: red; color: yellow; font-size: x-large”); Note the %c preceding the text in the first argument and the style specifications in the second argument. The text will look like your example. See Google’s “Styling Console Output with CSS” … Read more
The shellcode contains some x86 assembly instructions that will do the actual exploit. spray creates a long sequence of instructions that will be put in memory. Since we can’t usually find out the exact location of our shellcode in memory, we put a lot of nop instructions before it and jump to somewhere there. The … Read more