Revision as of 06:26, 22 February 2011 edit Shajure (talk \| contribs) Extended confirmed users 2,185 edits A source for what they are... ← Previous edit		Revision as of 06:27, 22 February 2011 edit undo Shajure (talk \| contribs) Extended confirmed users 2,185 edits drop the opinion, leave the list of articles. Next edit →
Line 7: '''String exploits''' are [[security exploit]]s involving handling of [[String (computer science)\|string]] data in computer software.{{cite book\|title=Hacking: the art of exploitation\|series=No Starch Press Series\|publisher=Safari Books Online\|Author=Jon Erickson\|Edition=2, illustrated\|year=2008\|ISBN= 9781593271442}} * [[Format string attack]] * [[Format string attack]] - unchecked <code>[[printf\|printf]]</code> format strings are dangerous<!-- If exception handling is not involved --> [[Buffer overflow]] ~~- Buffer overflows often occurs in unsafe string functions~~ * [[Cross-site scripting]] ~~- unsafe output of input strings~~ * [[Directory traversal]] ~~- concatenating strings to create a filename is not a good idea~~ * [[SQL injection]] ~~- concatenating strings to create a SQL statement is not a good idea~~ {{DEFAULTSORT:String Exploits}}

Improper input validation: Difference between revisions