
I am trying to create a PoC in order to achieve the following vulnerability bug class in my code for my research purposes. Based on the Top 25 from CWE I got the following list of the most insecure code bug classes; how can I implement an Out-of-bounds Read / Out-of-bounds Write in the shown code in order to bypass ASLR security via info leaks?

Information leak
Out-of-bounds Read
Use After Free
Integer Overflow or Wraparound
Out-of-bounds Write
Heap overflow
> The only way to reliably bypass DEP and ASLR is through a pointer
> leak. This is a situation where a value on the stack, at a reliable
> location, might be used to locate a usable function pointer or ROP
> gadget. Once this is done, it is sometimes possible to create a
> payload that reliably bypasses both protection mechanisms.
#include <iostream>
using std::cout;
using std::endl;

class A
{
public:
    void Func() { cout << "the address is: " << this << endl; }
};

void Test(void)
{
    A *p;

    p->Func(); // undefined behaviour: p is used before it is initialised

    {
        A a;
        p = &a;
        p->Func(); // the only valid call: a is alive here
    }

    p->Func(); // dangling pointer: a was destroyed at the end of the block above
}

int main()
{
    Test();
    return 0;
}

1 answer

17 views

If you are starting, I think you should avoid ASLR first, but if you are interested... check implementations of ROP.
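A hardened counterpart to the Test() function in the question, added here as an example (it is not code from the original post or its author): the raw A* that silently dangles is replaced by a std::weak_ptr, so every use site can check whether the object is still alive before dereferencing. The names Outcome and SafeTest and the id field are assumptions for illustration.

```cpp
#include <iostream>
#include <memory>

// Same class as in the question, with a value so each use is observable.
class A {
public:
    explicit A(int id) : id_(id) {}
    int Id() const { return id_; }
private:
    int id_;
};

struct Outcome {
    int live_uses;     // dereferences that found a live object
    int refused_uses;  // dereferences refused because nothing was alive
};

// Hypothetical hardened replacement for Test(). The three use sites mirror
// the original: before the object exists, while it lives, and after it has
// been destroyed. A weak_ptr starts empty and reports expiry, so neither the
// uninitialised nor the dangling dereference of the original can happen.
Outcome SafeTest() {
    Outcome out{0, 0};
    std::weak_ptr<A> p;  // empty, unlike the uninitialised A *p

    auto use = [&](const char *where) {
        if (auto live = p.lock()) {  // strong reference only while alive
            std::cout << where << ": object " << live->Id()
                      << " at " << live.get() << '\n';
            ++out.live_uses;
        } else {
            std::cout << where << ": refused, target not alive\n";
            ++out.refused_uses;
        }
    };

    use("before scope");       // original: uninitialised pointer
    {
        auto a = std::make_shared<A>(7);
        p = a;
        use("inside scope");   // the one valid use
    }                          // a destroyed here; p now reports expired
    use("after scope");        // original: dangling pointer
    return out;
}

int main() {
    Outcome o = SafeTest();
    std::cout << o.live_uses << " live, " << o.refused_uses << " refused\n";
    return 0;
}
```

For the raw-pointer original, building with -fsanitize=address reports the final call as a stack-use-after-scope, which is the quickest way to confirm the dangling access during testing.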
