Questions tagged [string]

Questions related to vulnerabilities in string-manipulation libraries (for example, causing a buffer overflow by omitting the null terminator), or related to sanitizing input strings.

The string type is a fundamental data structure in computing. It is often represented as an array of chars in low-level languages, or as a basic type in higher-level languages.

Over the years, many vulnerabilities have been introduced by sloppy handling of strings. For example, naive use of C's basic operation scanf(format string, inputString) is vulnerable to a buffer overflow if the null terminator is absent. Vulnerabilities are also introduced by improper sanitization of input strings in higher-level languages like JavaScript or SQL.

17 questions
7 votes, 1 answer

How To Properly Handle Passwords In C#

It's a well-known fact that the C# string is pretty insecure: it's not pinned in RAM, the Garbage Collector can move it, copy it and leave multiple traces of it in RAM, and the RAM can be swapped and become available as a file to be read, not to mention several…
mFeinstein
5 votes, 2 answers

What kind of bugs can be found by dumb fuzzing a desktop app?

I'm just starting out learning about fuzzing and have made a dumb fuzzer that changes several random bytes in a PDF file to random values, opens it and detects whether Acrobat Reader has crashed. What types of bugs can I expect to find using such a…
pineappleman
4 votes, 1 answer

String format exploit

I have the following scenario: printf is called with a 20-byte-long string (19 characters + 0x00) which I control. The string cannot contain n, s, S and $. My goal is to bypass a strcmp with a random value (either by using the exploit to read the…
Timo89
3 votes, 2 answers

A runtime sometimes converts string arguments (or string returns) from WTF-16 to UTF-16 between functions in a call stack. Is this a security concern?

Suppose that we have this code (in TypeScript syntax): function one(str: string): string { // do something with the string return str } function two() { let s = getSomeString() // returns some unknown string that may contain surrogates s =…
3 votes, 1 answer

How to do a string buffer overflow with the scanf function?

I'm new to buffer overflow exploitation. I've written a simple C program which asks the user to input a string (as a password) and matches that string with "1235". If it matches then it prints "Access Approved", otherwise it prints "Access Denied".…
Abhirup Bakshi
2 votes, 1 answer

Format String Exploitation with limited number of characters possible?

Is the exploitation of a format string vulnerability possible if the number of characters you're allowed to enter is limited? Let's say I'm just allowed to enter input with 23 characters. I can read the stack like this of…
Stjubit
2 votes, 2 answers

Single or double quotes in PHP?

In general, which is safer to use, with regards to XSS evasion in particular? echo ''; echo ""; I'm guessing single quotes, but I'm wondering why and hoping to find recommended reading.
admcfajn
2 votes, 2 answers

Passing query string into a stripe API

How secure is it to pass some data to a Stripe website (external, not our own site) through the query string to prefill a form? It's an external site, so we can't just pass it in encrypted like we would with our own site's data. I would assume it…
L_Church
2 votes, 0 answers

How exactly does format string vulnerable code read data from stack?

If we have a code like printf(buffer) where the user can control the buffer, I understand that the user could insert something like AAAA%08x%08x%08x... and would as the output get the content of a part of the stack. I understand that this is because…
pineappleman
1 vote, 0 answers

Attack on a string created by a developer

Go and Java have "compile time constants", and JavaScript will soon get a feature that allows "Distinguishing strings from a trusted developer from strings that may be attacker controlled" via isTemplateObject. These allow the program to check if a…
1 vote, 0 answers

Implementation of SQL "LIKE" Operator in Database Outsourcing

Recently, I read some papers about DB Outsourcing that implement aggregate functions over encrypted data. What I want to know is whether there is a method in DB Outsourcing to implement the SQL LIKE operator that supports queries which include it for encrypted…
ThisIsMe
0 votes, 0 answers

FLOSS and many tools not detecting Cyrillic strings in binary

I am practicing some malware detection basics and it has caught my attention that the Cyrillic alphabet is not detected by practically any traditional string detection tool. Source Code while (strcmp(password, user_input) != 0) { …
0 votes, 0 answers

When parsing a string to a BigDecimal or BigInteger in Java, or BigInt in JavaScript, are there any known security issues around this?

When parsing a string to a BigDecimal or BigInteger in Java, or BigInt in JavaScript, are there any known security issues around this? Like if you take in the string without validating it's just numbers, is there any risk? Are there any known CVEs…
scaly
0 votes, 1 answer

How to find just the first character or value of an MD5 hash string

I want to know how to find just the first character or digit in the first part of a 64-length string from an MD5 hash. For example, we have a hash: f95debd50b95304af9de1975393069143b7fb7df10ea00d189657d55b89c555c and the MD5 is:…
Hassi
0 votes, 3 answers

What string encoding options are there besides XOR?

When attempting to obfuscate strings in a modern program, XOR is probably the most common option. By this I mean running each char of a string through a function which XORs the char with some given number. This is popular because when the "cipher…
the_endian