|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Dave Aitel (daitel
atstake.com)Date: Fri Jan 11 2002 - 17:48:35 CST
Patrik Birgersson wrote:
> On 12:41pm, James Fleming shouted:
>
> ' I had an idea. If my input filter doesn't accept any
> ' binary data on input (ie i check the object type and
> ' only allow String, Int etc....how can anyone pass a
> ' overflow payload to the application ?
> However, if one wishes to do something besides the actual overflow (that
> is - flood the buffer), like running arbitrary code - then binary data is
> required for execution on the stack.
>
Not true. Read Phrack for asc.c.
Also read Chris Anley's latest paper on Unicode buffer overflows...
-dave
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]