Exploitation: Buffer Overflow, SQL injection, Adobe files
Source: http://xkcd.com/327/

Buffer Overflows
- Integer Overflow Vulnerabilities
  - A case of insufficient input validation, not a buffer overflow.
  - Errors in integer operations may cause the integer to overflow.
  - The integer may represent the size of a packet or the length of a string.
  - Exploits take advantage of the integer overflow indirectly.
  - A few actual examples.
- Stack-based Buffer Overflows
  - Buffer overflows are the result of a buffer receiving data that is larger than the allocated space.
  - Stack-based overflows are the most common because they are the easiest to exploit (see the examples in the link).
  - Modern compilers (e.g. MS Visual C++ 2008) use a technique known as stack cookies to prevent the use of invalid return addresses, but that is not enough. Data Execution Prevention (DEP) on modern processors can be used to make the stack area non-executable.

SQL Injection
- Concept
  - “attacks that result from failing to validate input including portions of SQL statements in a web form entry field in an attempt to pass a newly formed rogue SQL command to the database.”
- Description and examples
  - PHP manual on SQL injection with examples, see also OWASP.
  - Imperva video demonstration of SQL injection.
  - SQL Injection Cheat Sheet: code for MySQL, MS SQL, Oracle.
- Scanning and mitigation
  - Business scanners and free scan tool.
  - Mitigation: sanitation, PHP mysql escape function and validation.
  - References: more in validation, MS library, ASSIST, parse tree validation.

Adobe files (pdf)
- Why are pdf files a security issue?
  - Most if not all machines have a pdf reader (some are vulnerable).
  - Attackers use pdf files to deliver malicious code because users download them, and browsers do so automatically.
  - Malicious pdf files contain JavaScript, but some execute code even without JavaScript.
- The pdf file structure: objects with text, streams, etc.
  - Graphical representations: overview, Stevens, Parker, details.
  - To run a JavaScript use <</Type/Action …. JS <</Open/Action << JS …
  - Example of non-malicious use of JavaScript in pdf files.
  - Stevens tools to parse and create JavaScript in a pdf file.
- Mitigating and/or reducing the risks of malicious pdf files
  - Disable JavaScript in the pdf reader, and make the browser open pdf files in the pdf reader.
  - Use the Stevens tool to check for JavaScript in files you mistrust.
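
The kind of check named in the last mitigation bullet, as an added example (not code from the slides and not Stevens' tool): it counts the standard PDF names that carry or auto-run script, decoding `#xx` hex escapes so an obfuscated name still matches. The function names and both sample byte strings are constructed for this illustration.

```python
import re

# Standard PDF names worth counting in an untrusted file:
# /JS and /JavaScript hold script, /OpenAction and /AA run an action
# automatically, /ObjStm marks compressed object streams whose
# contents this raw scan cannot see.
WATCHED = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/ObjStm")

# A name starts with "/" and ends at whitespace or a PDF delimiter.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    plain = _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def count_script_names(data: bytes) -> dict:
    """Count each watched name in the raw bytes of a PDF file."""
    counts = {name: 0 for name in WATCHED}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts


def needs_review(data: bytes) -> bool:
    """True when the file carries script or an automatic action.
    A hit is a reason to inspect the file, not proof of malice."""
    c = count_script_names(data)
    return any(c[n] for n in ("/JS", "/JavaScript", "/OpenAction", "/AA"))


# Constructed samples (fragments, not complete PDF files).
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<</Type/Catalog/Pages 2 0 R>>\nendobj\n"
SAMPLE_SCRIPTED = (
    b"%PDF-1.4\n1 0 obj\n<</Type/Catalog/Pages 2 0 R/OpenAction 3 0 R>>\n"
    b"endobj\n3 0 obj\n<</Type/Action/S/J#61vaScript/JS(app.alert(1))>>\n"
    b"endobj\n"
)

if __name__ == "__main__":
    for label, blob in (("clean", SAMPLE_CLEAN), ("scripted", SAMPLE_SCRIPTED)):
        print(label, needs_review(blob), count_script_names(blob))
```

A non-zero `/ObjStm` count with no other hits means objects are packed in compressed streams, so the file should be decompressed and scanned again before it is treated as script-free.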