Security Testing Concise Tutorial
Security Testing - Buffer Overflows
A buffer overflow arises when a program tries to store more data in a temporary data storage area (buffer) than it was intended to hold. Since buffers are created to contain a finite amount of data, the extra information can overflow into adjacent buffers, thus corrupting the valid data held in them.
Example
Here is a classic example of a buffer overflow. It demonstrates a simple buffer overflow caused by the first scenario, in which the code relies on external data to control its behavior. There is no way to limit the amount of data the user enters, so the behavior of the program depends on how many characters the user supplies.
...
char bufr[BUFSIZE];
gets(bufr);
...
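The unbounded `gets(bufr)` call above, rewritten with a length limit, as an added example that is not part of the original tutorial. The names `read_line` and `check_input`, the status values and the `BUFSIZE` value of 16 are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUFSIZE 16 /* assumed value; the page does not define BUFSIZE */

enum line_status { LINE_OK = 0, LINE_TOO_LONG = 1, LINE_EOF = -1 };

/* Bounded replacement for gets(bufr): writes at most `size` bytes to buf.
 * An over-long line is rejected and consumed to its end, so its tail is
 * never treated as the next input. */
enum line_status read_line(FILE *in, char *buf, size_t size)
{
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return LINE_EOF;
    size_t len = strcspn(buf, "\n");
    if (buf[len] == '\n') {            /* the whole line fitted */
        buf[len] = '\0';
        return LINE_OK;
    }
    int c = fgetc(in);                 /* no newline stored: look ahead */
    if (c == EOF || c == '\n')
        return LINE_OK;                /* line ended exactly at the limit */
    while (c != EOF && c != '\n')      /* discard the rest of the line */
        c = fgetc(in);
    buf[0] = '\0';
    return LINE_TOO_LONG;
}

/* Runs read_line over a constructed input string via a temporary file. */
enum line_status check_input(const char *input, char *out, size_t size)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return LINE_EOF;
    fputs(input, f);
    rewind(f);
    enum line_status st = read_line(f, out, size);
    fclose(f);
    return st;
}

int main(void)
{
    char bufr[BUFSIZE];
    /* Constructed sample: 40 bytes aimed at a 16-byte buffer. */
    const char *big = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n";
    printf("short: %d\n", check_input("alice\n", bufr, sizeof bufr));
    printf("long:  %d\n", check_input(big, bufr, sizeof bufr));
    return 0;
}
```

Because the over-long line is drained before returning, the next call to `read_line` starts at the following line instead of reading the leftover bytes as fresh input.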
Hands On
Step 1 − We need to log in with a name and room number to get internet access. Here is the scenario snapshot.
Step 2 − We will also enable "Unhide hidden form fields" in Burp Suite as shown below −
Step 3 − Now we send an input in the name and room number fields. We also try to inject a pretty big number in the room number field.
Step 4 − The hidden fields are displayed as shown below. We click accept terms.
Step 5 − The attack is successful: as a result of the buffer overflow, the application started reading the adjacent memory locations and displayed them to the user as shown below.
Step 6 − Now let us log in using the data displayed. After logging in, the following message is displayed −