Content deleted Content added
m remove Erik9bot category,outdated, tag and general fixes |
|||
Line 1:
{{Unreferenced|date=December 2009}}
{{Notability|date=March 2008}}
Several implementation / design flaws are associated with [[String (computer science)|string]] programming, some of those are associated with [[security exploit]]s.
==
It is possible to cause ''String1 + User_Input_String + String2'' to behave in unexpected ways by crafting unanticipated User_Input_String, such as having string2 ignored in processing.
===
In many environments, it is possible to truncate the string with clever input.
* PHP: '''%00''' (NUL) can terminate strings, when used for API calls that uses it to terminate strings.
* Oracle: '''CHR(0)''' (NUL) can terminate strings when used for e.g. EXECUTE IMMEDIATE.
===
In many environments, it is possible to "ask" the system to ignore the rest of the string, using "comment" characters.
* Many languages: '''/*''' means ignore everything until a '''*/''' combination.
Line 18:
* Unix shells: '''#''' means ignore rest of line
==
* [[Format string attack]] - unchecked <code>[[printf|*printf]]</code> format strings are dangerous<!-- If exception handling is not involved -->
* [[Buffer overflow]] - Buffer overflows often occurs in unsafe string functions
Line 25:
* [[SQL injection]] - concatenating strings to create a SQL statement is not a good idea
{{DEFAULTSORT:String Exploits}}
[[Category:Computer security exploits]]
| |||