Example Sins

The following entries in Common Vulnerabilities and Exposures (CVE) at http://cve.mitre.org are examples of format string bugs. Out of the 188 CVE entries that reference format strings, this is just a sampling.

CVE-2000-0573

From the CVE description: The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

This is the first publicly known exploit for a format string bug. The title of the BUGTRAQ post underscores the severity of the problem: Providing *remote* root since at least 1994.

CVE-2000-0844

From the CVE description: Some functions that implement the locale subsystem on UNIX do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

The full text of the original advisory can be found at www.securityfocus.com/archive/1/80154. This problem is especially interesting because it affects core system APIs for most UNIX variants (including Linux), except for BSD variants, where the NLSPATH variable is ignored for privileged suid applications. This advisory, like many CORE SDI advisories, is especially well written and informative and gives a very thorough explanation of the overall problem.
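Both entries above share one root cause: untrusted text reaches a printf-family function as the format argument itself. The following C is an added illustration, not code from the book, wu-ftpd or the CORE SDI advisory. It shows the sinful call pattern in a comment beside a hardened reply function whose format is a constant, a simple detector for format directives in input (useful for logging and testing, not as the fix), and a hypothetical model of the BSD behaviour the advisory describes, where a privileged process ignores a user-supplied NLSPATH. The function names, the reply layout and the default NLS path are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Return 1 if the string contains a directive printf would interpret
 * ('%' not immediately followed by another '%'), else 0. This is a
 * detection aid for tests and logs; the real fix is never to pass
 * untrusted text as a format string. */
int contains_format_directive(const char *s)
{
    for (const char *p = s; *p != '\0'; p++) {
        if (*p == '%') {
            if (p[1] == '%') { p++; continue; }  /* "%%" is a literal percent sign */
            return 1;
        }
    }
    return 0;
}

/* Sinful pattern (the lreply-style bug), shown only as a comment:
 *     snprintf(out, outlen, untrusted);
 * Hardened form: the format is a string literal and the untrusted text is
 * only ever consumed by "%s", so any directives it contains are copied,
 * never interpreted. Returns the number of bytes written (excluding the
 * terminator), or -1 on error. */
int reply_safe(char *out, size_t outlen, int code, const char *untrusted)
{
    int n = snprintf(out, outlen, "%d-%s\r\n", code, untrusted);
    if (n < 0)
        return -1;
    return n >= (int)outlen ? (int)outlen - 1 : n;  /* snprintf truncated */
}

/* Hypothetical model of the BSD defence from the advisory: a privileged
 * (setuid) process ignores the user-controlled NLSPATH and uses a fixed
 * system path, so a local user cannot point catopen() at their own
 * catalog. The default path is an assumed value. */
const char *effective_nlspath(const char *env_value, int privileged)
{
    static const char default_path[] = "/usr/share/nls/%L/%N";
    if (privileged || env_value == NULL || env_value[0] == '\0')
        return default_path;
    return env_value;
}

int main(void)
{
    /* Constructed sample input: a username containing directives. */
    const char *user_input = "anonymous %s %x";
    char buf[64];

    printf("directive present: %d\n", contains_format_directive(user_input));
    reply_safe(buf, sizeof buf, 200, user_input);
    printf("safe reply: %s", buf);  /* directives appear literally */
    printf("nlspath (setuid): %s\n", effective_nlspath("/tmp/evil", 1));
    return 0;
}
```

Compiling with `-Wformat-security` (GCC and Clang) flags the commented-out sinful call at build time, which is the cheapest place to catch this class of bug.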



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
Year: 2003
Pages: 239