Java Injection

sla.ckers.org is
ha.ckers sla.cking

How do you completely compromise a machine given a text box or badly validated input box? This is a place to talk about code issues (PHP includes, null byte injection, backticks, pipe, etc...) as well as how to properly construct an SQL injection attack.

Go to Topic: Previous•Next

Go to: Forum List•Message List•New Topic•Search•Log In

Java Injection

Posted by: maluc

Date: November 29, 2006 06:15AM

can you? for example https://buildsecurityin.us-cert.gov/daisy/bsi/search?query=asdf%27e%22e%3Ee%3Ce

is there a way to inject into java to inject arbitrary commands or to smash the stack. i don't know enough about java, so an example if so would be nice ^^

-maluc

Options: Reply•Quote

Re: Java Injection

Posted by: nEUrOO

Date: November 29, 2006 07:44AM

You can have a command injection for Java here:
http://samate.nist.gov/SRD/?1596

But for the stack, you only (I guess) have to make Java performing a infinite loop...

nEUrOO -- http://rgaucher.info -- http://twitter.com/rgaucher

Options: Reply•Quote

Re: Java Injection

Posted by: jungsonn

Date: November 30, 2006 07:00AM

Specificly JAVA? or JAVA that is using SQL to query a DB?
i don't like JAVA, but sure, buffer overflow is pretty easy (as in every (c based) language). still it relies on the protection of the language itself, so there's nothing you could do about that issue. Like in certain functions in PHP which are easy to force with alot of data thrown into, says more about the language itself and it's functions.

i don't know JAVA in depth to give any example.

Options: Reply•Quote

Go to: Forum List•Message List•Search•Log In

Sorry, only registered users may post in this forum.

Click here to login