Questions tagged [string]
Questions related to vulnerabilities in string manipulation libraries (e.g., causing a buffer overflow by omitting the null terminator) or to sanitizing input strings.
18 questions
0 votes | 0 answers | 100 views
T-SQL, string injection, REPLACE(@myVariable, '''', '''''') approach? Once and for all
I see there are forums about this question, but everywhere, I fail to see the answer I am looking for.
I have a stored procedure whose purpose is to execute a dynamic SQL statement.
It uses a cursor ...
0 votes | 0 answers | 27 views
Any idea on how this 36 character long string generated? [duplicate]
I have a personal id "U1KFhYtMqZhCYya6sy31PVLM8DlM5HLCkwy3". I have checked some hash functions but cannot make sure how this was generated. Is this just a random string generated with [a-zA-z0-9]?...
5 votes | 2 answers | 554 views
A runtime sometimes converts string arguments (or string returns) from WTF-16 to UTF-16 between functions in a call stack. Is this a security concern?
Suppose that we have this code (in TypeScript syntax):
function one(str: string): string {
// do something with the string
return str
}
function two() {
let s = getSomeString() // returns some ...
1 vote | 0 answers | 191 views
Attack on a string created by a developer
Go and Java have "compile time constants", and JavaScript will soon get a feature that allows "Distinguishing strings from a trusted developer from strings that may be attacker ...
0 votes | 0 answers | 211 views
When parsing a string to a BigDecimal or BigInteger in Java, or BigInt in JavaScript, are there any known security issues around this?
When parsing a string to a BigDecimal or BigInteger in Java, or BigInt in JavaScript, are there any known security issues around this? Like if you take in the string without validating it's just ...
5 votes | 1 answer | 15k views
How to do string buffer overflow with scanf function?
I'm new to buffer overflow exploitation. I've written a simple C program which will ask the user to input a string (as a password) and match that string with "1235". If matched then it will ...
0 votes | 1 answer | 1k views
How to find just the first character or value of a MD5 hash string
I want to know how to find just the first character or digit in first part of a 64 length string from a MD5 hash. For example, we have a hash:
...
0 votes | 3 answers | 669 views
What string encoding options are there besides xor? [closed]
When attempting to obfuscate strings in a modern program, xor is probably the most common option. By this I mean running each char of a string through a function which xors the char with some given ...
4 votes | 2 answers | 965 views
Format String Exploitation with limited number of characters possible?
Is the exploitation of a format string vulnerability possible if the number of characters you're allowed to enter is limited?
Let's say I'm just allowed to enter input with 23 characters. I can read ...
2 votes | 2 answers | 570 views
Single or double quotes in PHP?
In general which is safer to use, with regards to XSS evasion in particular?
echo '<input name="'.$input_name.'">';
echo "<input name='$input_name'>";
I'm guessing single quotes, but ...
2 votes | 2 answers | 1k views
Passing query string into a stripe API
How secure is it to pass in to a Stripe website (external, not our own site) some data to prefill a form through the query string? It's an external site so we can't just pass it in encrypted like we ...
-1 votes | 1 answer | 541 views
PHP HASH DECODER [closed]
Please I need help, I bought a PHP mailer, hosted it on my server and found out that it copies all messages and maillist to a different email address,
I examined the code and became suspicious about ...
4 votes | 1 answer | 720 views
String format exploit
I have the following scenario: printf is called with a 20 byte long string (19 characters + 0x00) which I control. The string cannot contain n, s, S and $. My goal is to bypass a strcmp with a random ...
0 votes | 1 answer | 1k views
Is there a good site I can use to convert a string into any encoding? [closed]
I am working on a ctf (capture the flag) challenge and I have a string that I believe is important, but I don't know what encoding it is in. Is there a way I can decode the string in all of the ...
1 vote | 0 answers | 184 views
Implementation of SQL "LIKE" Operator in Database Outsourcing
Recently, I read some papers about DB Outsourcing that implement aggregate functions over encrypted data. What I want to know, is there a method in DB Outsourcing to implement SQL LIKE operator that ...
7 votes | 1 answer | 10k views
How To Proper Handle Passwords In C#
It's a well known fact that C# string is pretty insecure, it's not pinned in RAM, the Garbage Collector can move it, copy it, leave multiple traces of it in RAM and the RAM can be swapped and be ...
2 votes | 0 answers | 499 views
How exactly does format string vulnerable code read data from stack?
If we have a code like printf(buffer) where the user can control the buffer, I understand that the user could insert something like AAAA%08x%08x%08x... and would as the output get the content of a ...
5 votes | 2 answers | 816 views
What kind of bugs can be found by dumb fuzzing a desktop app?
I'm just starting out to learn about fuzzing and have made a dumb fuzzer that changes several random bytes in a pdf file to random values, opens it and detects if Acrobat Reader has crashed. What ...