6a96547ef0
git-svn-id: http://webgoat.googlecode.com/svn/branches/webgoat-6.0@485 4033779f-a91e-0410-96ef-6bf7bf53c507
21 lines
1.2 KiB
HTML
21 lines
1.2 KiB
HTML
<div align="Center">
|
|
<p><b>Lesson Plan Title:</b> How to Exploit "Off-by-One" Buffer Overflow Vulnerabilities</p>
|
|
</div>
|
|
<p><b>Concept / Topic To Teach:</b></p>
|
|
How to Exploit a Web Based "Off-by-One" Buffer Overflow.
|
|
<br>
|
|
<div align="Left">
|
|
<p><b>How the attack works:</b>
|
|
</p>
|
|
Despite being more rare, buffer overflow vulnerabilities on the web occur when a tier of the application has insufficient memory allocated to deal with the data submitted by the user. Typically, such a tier would be written in C or a similar language.
|
|
|
|
For the particular subset, namely, off-by-one overflows, this lesson focuses on the consequences of being able to overwrite the position for the trailing null byte.
|
|
|
|
As a result, further information is returned back to the user, due to the fact that no null byte was found.
|
|
</div>
|
|
<p><b>Lesson Goal(s):</b> </p>
|
|
<!-- Start Instructions -->
|
|
<p>Welcome to the <b>OWASP Hotel</b>! Can you find out which room a VIP guest is staying in?</p>
|
|
<!-- Stop Instructions -->
|
|
* Understand how a buffer overflow vulnerability can be triggered on a web application.<br>
|
|
* Understand what type of value lengths are likely to trigger a buffer overflow.<br> |