How do you actually exploit buffer overflows in software?

I definitely understand how they work on paper: a piece of software trusts data not to be too long and writes it into some buffer (array) without making sure it fits in that buffer. This results in writing out of bounds of the array when the data is too big (for example, the user decides to input a bigger string than allowed). This results in being able to manipulate memory far beyond the buffer, meaning you can also manipulate things like the function return address, so you can inject your own code there.

Good, but how do you actually do that? How do I know what the addresses are for a given buffer overflow? How "easy" or "hard" is it to exploit a simple user-input buffer overflow?

submitted by /u/XejgaToast

from hacking: security in practice https://ift.tt/GP1pdT3
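The post asks how you find "what the addresses are". The usual first step is not to compute them but to measure them: overflow the buffer with a cyclic pattern whose every few bytes are unique, look at what ended up in the saved return address (from the debugger or the crash), and search the pattern for those bytes; the index is the distance from the start of the buffer to the return-address slot. The program below is an added example, not code from the post, and it models the stack frame as a struct with an assumed x86-64 layout (16-byte local buffer, then saved frame pointer, then saved return address) so that it runs deterministically instead of depending on the compiler's real frame layout, ASLR, or a stack canary. The `0x401234` "legitimate return address" and the `0xdeadbeefcafe` target are placeholders.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed model of an x86-64 frame for a function with a 16-byte local
 * buffer: locals sit below the saved rbp and the saved return address, so a
 * copy that runs past buf climbs into them. A real compiler may pad, reorder
 * locals, or put a stack canary between buf and saved_rbp. */
struct frame {
    char buf[16];
    uint64_t saved_rbp;
    uint64_t saved_ret;
};

/* The bug: len is never checked against sizeof buf. The clamp to the whole
 * frame only keeps this demo from corrupting its own process; the real
 * vulnerable code (e.g. strcpy(buf, input)) has no bound at all. */
static void vulnerable_copy(struct frame *fr, const unsigned char *data, size_t len)
{
    if (len > sizeof *fr)
        len = sizeof *fr;
    memcpy((unsigned char *)fr, data, len);   /* starts at buf, runs into rbp/ret */
}

/* The fix: refuse anything that does not fit in buf. */
static int safe_copy(struct frame *fr, const unsigned char *data, size_t len)
{
    if (len > sizeof fr->buf)
        return -1;
    memcpy(fr->buf, data, len);
    return 0;
}

/* Metasploit-style cyclic pattern "Aa0Aa1Aa2...": every 3-byte triple is
 * distinct, so a window of a few bytes maps back to exactly one offset. */
static size_t cyclic_pattern(unsigned char *out, size_t cap)
{
    size_t n = 0;
    for (char u = 'A'; u <= 'Z'; u++)
        for (char l = 'a'; l <= 'z'; l++)
            for (char d = '0'; d <= '9'; d++) {
                if (n + 3 > cap)
                    return n;
                out[n++] = (unsigned char)u;
                out[n++] = (unsigned char)l;
                out[n++] = (unsigned char)d;
            }
    return n;
}

/* Given the value that landed in the return-address slot (on a real target:
 * what gdb shows at the saved-rip slot, or rip after the crash), find where
 * those 8 bytes sit in the pattern. That index is the offset from buf to
 * the slot. Returns -1 if the value is not from the pattern. */
static long pattern_offset(const unsigned char *pat, size_t patlen, uint64_t value)
{
    unsigned char needle[sizeof value];
    memcpy(needle, &value, sizeof needle);    /* same byte order the slot was written in */
    for (size_t i = 0; i + sizeof needle <= patlen; i++)
        if (memcmp(pat + i, needle, sizeof needle) == 0)
            return (long)i;
    return -1;
}

/* Step 1: measure the offset. For the layout above this is 24 (16 bytes of
 * buf plus the 8-byte saved frame pointer). */
static long find_ret_offset(void)
{
    static unsigned char pat[26 * 26 * 10 * 3];
    size_t n = cyclic_pattern(pat, sizeof pat);
    struct frame fr;
    memset(&fr, 0, sizeof fr);
    vulnerable_copy(&fr, pat, n);              /* "input" far longer than buf */
    return pattern_offset(pat, n, fr.saved_ret);
}

/* Step 2: filler up to the offset, then the 8 bytes we want in the slot.
 * Returns the payload length, or 0 if it would not fit in out. */
static size_t build_payload(unsigned char *out, size_t cap, long offset, uint64_t target)
{
    if (offset < 0 || (size_t)offset + sizeof target > cap)
        return 0;
    memset(out, 'A', (size_t)offset);
    memcpy(out + offset, &target, sizeof target);
    return (size_t)offset + sizeof target;
}

/* Deliver the payload and report what is now in the return-address slot.
 * Picking `target` (shellcode, a ROP gadget, a libc function) is the part
 * that depends on the real binary and its mitigations. */
static uint64_t overwrite_ret(long offset, uint64_t target)
{
    unsigned char payload[64];
    struct frame fr;
    size_t len = build_payload(payload, sizeof payload, offset, target);
    memset(&fr, 0, sizeof fr);
    vulnerable_copy(&fr, payload, len);
    return fr.saved_ret;
}

/* The same payload against the checked copy: rejected, slot untouched. */
static uint64_t hardened_ret(long offset, uint64_t target)
{
    unsigned char payload[64];
    struct frame fr;
    size_t len = build_payload(payload, sizeof payload, offset, target);
    memset(&fr, 0, sizeof fr);
    fr.saved_ret = 0x401234;                   /* placeholder legitimate return address */
    (void)safe_copy(&fr, payload, len);
    return fr.saved_ret;
}

int main(void)
{
    long off = find_ret_offset();
    printf("offset from buf to saved return address: %ld\n", off);
    printf("vulnerable copy: ret slot = 0x%llx\n", (unsigned long long)overwrite_ret(off, 0xdeadbeefcafeULL));
    printf("hardened copy:   ret slot = 0x%llx\n", (unsigned long long)hardened_ret(off, 0xdeadbeefcafeULL));
    return 0;
}
```

On a real binary you do step 1 with the actual program under a debugger (or with a core dump) rather than with a modelled frame, and the offset comes out the same way. As for "easy or hard": controlling the return address is the easy half. Turning it into code execution on a current Linux or Windows build means getting past the stack canary (which aborts the process when the slot before the saved rbp is clobbered), a non-executable stack (so "inject your own code in there" does not work directly and you return into existing code instead), and ASLR/PIE (so the addresses you want to return to change per run unless you leak one). A binary compiled without those protections is the textbook case and is still what most beginner CTF challenges give you.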