Any application that takes
In C/C++, look for functions from the printf family. Problems to look for are
printf(user_input); fprintf(STDOUT, user_input);
If you see a function that looks like this:
fprintf(STDOUT, msg_format, arg1, arg2);
then you need to verify where the string referenced by msg_format is stored and how well it is protected.
There are many other system calls and APIs that are also vulnerable; syslog is one example. Any time you see a function definition that includes ... (a variable argument list) in the argument list, you're looking at something that is likely to be a problem.
Many source code
There are also
Pass formatting specifiers into the application and see if
hexadecimal values are returned. For example, if you have an
application that expects a file
This is obviously somewhat language-dependent; at a minimum, you should pass in the formatting specifiers used by the implementation language you're using. However, since many language runtimes are implemented in C/C++, you'd be wise to also send in C/C++ format string directives to detect cases where the underlying library has a dangerous vulnerability.
Note that if the application is web based and echoes your
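As an added illustration of the two points above (the printf-family pattern to look for in code review, and the format-specifier probe used in testing), the following C is example code written for this page, not code from the original text. It shows the hardened form of the fprintf(STDOUT, user_input) call, where the format is a literal and untrusted text only ever travels through %s, plus a small check that counts conversion directives in input that should have been plain text. PROBE_INPUT is a constructed sample, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample of what the testing step sends: a value that
 * should be a plain filename but carries %x conversion directives. */
static const char *const PROBE_INPUT = "report.txt %x %x %x";

/* Counts printf-style conversion directives in untrusted text.
 * "%%" is a literal percent sign, not a directive.  A non-zero count
 * on data that should be plain text (a filename, a user name) is the
 * kind of input the testing step feeds to the application, so this is
 * also a reasonable place to reject or log such input before it can
 * reach syslog() or a printf-family call with a non-literal format. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%" escapes the percent sign */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Hardened form of fprintf(STDOUT, user_input): the format is a
 * string literal under the programmer's control and the untrusted
 * text goes through a %s argument, so it is copied verbatim and never
 * interpreted.  Returns what snprintf returns (the length it would
 * have produced), so the caller can detect truncation. */
int log_line_safe(char *out, size_t outsz, const char *user_input)
{
    return snprintf(out, outsz, "request: %s", user_input);
}

int main(void)
{
    char buf[128];
    printf("directives in probe: %d\n", count_format_directives(PROBE_INPUT));
    log_line_safe(buf, sizeof buf, PROBE_INPUT);
    puts(buf);  /* the %x sequences print literally, not as hex values */
    return 0;
}
```

Compiling with -Wformat-security (gcc and clang) additionally warns on any printf-family call whose format is not a string literal, which automates the code-review pattern described above.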
The following entries in Common Vulnerabilities and Exposures (CVE) at http://cve.mitre.org are examples of SQL injection. Out of the 188 CVE entries that reference format strings, this is just a sampling.
From the CVE description: The lreply function
in wu-
This is the first
From the CVE description: Some functions that
implement the locale subsystem on UNIX do not properly cleanse
The full text of the original advisory can be found at
www.securityfocus.com/archive/1/80154, and this problem is