String exploits
From Wikipedia, the free encyclopedia
Several implementation and design flaws are associated with string programming; some of them are associated with security exploits.
Concatenation problems
It is possible to cause String1 + User_Input_String + String2 to behave in unexpected ways by crafting an unanticipated User_Input_String, for example one that causes String2 to be ignored in processing.
String termination
In many environments, it is possible to truncate the string with clever input.
- PHP: %00 (NUL) can terminate strings when passed to API calls that use NUL as the string terminator.
- Oracle: CHR(0) (NUL) can terminate strings when used for e.g. EXECUTE IMMEDIATE.
Comment out characters
In many environments, it is possible to "ask" the system to ignore the rest of the string, using "comment" characters.
- Many languages: /* means ignore everything until a */ combination.
- SQL: -- means ignore rest of line
- Unix shells: # means ignore rest of line
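The concatenation and comment-character problems described above, shown together as an added example that is not part of the original article: a query built as String1 + User_Input_String + String2 loses String2 when the input contains the SQL `--` marker, while a parameterized query treats the same input as plain data. It uses Python's standard sqlite3 module; the table, rows and function names are constructed for illustration.

```python
import sqlite3

STRING1 = "SELECT title FROM docs WHERE owner = '"
STRING2 = "' AND deleted = 0"   # the filter the application relies on


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE docs (id INTEGER, owner TEXT, title TEXT, deleted INTEGER)"
    )
    db.executemany(
        "INSERT INTO docs VALUES (?, ?, ?, ?)",
        [
            (1, "alice", "plan", 0),
            (2, "alice", "old draft", 1),
            (3, "bob", "notes", 0),
        ],
    )
    return db


def titles_concatenated(db, user_input):
    """Vulnerable form: String1 + User_Input_String + String2."""
    sql = STRING1 + user_input + STRING2
    return sql, sorted(row[0] for row in db.execute(sql))


def titles_parameterized(db, user_input):
    """Hardened form: the input is bound as a value, never parsed as SQL."""
    sql = "SELECT title FROM docs WHERE owner = ? AND deleted = 0"
    return sorted(row[0] for row in db.execute(sql, (user_input,)))


if __name__ == "__main__":
    db = make_db()
    crafted = "alice' --"   # closes the quote, then comments out String2
    for value in ("alice", crafted):
        sql, rows = titles_concatenated(db, value)
        print("concatenated :", sql)
        print("  rows       :", rows)
        print("parameterized:", titles_parameterized(db, value))
```

With the crafted input, the concatenated statement still contains String2 as text, but the database ignores everything after `--`, so the `deleted = 0` filter never runs.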
See also (other string problems)
- Format string attack - unchecked *printf format strings are dangerous
- Buffer overflow - Buffer overflows often occur in unsafe string functions
- Cross-site scripting - unsafe output of input strings
- Directory traversal - concatenating strings to create a filename is not a good idea
- SQL injection - concatenating strings to create a SQL statement is not a good idea