cwstmartin / webgoat

Automatically exported from code.google.com/p/webgoat

Buffer Overflow Lesson Idea #39

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago

It seems that no one can come up with an idea for how to implement a Buffer
Overflow on the Java platform for a WebGoat lesson.

I also couldn't think of one. Now I've got an idea.

My proposed idea is an indirect means of executing a BO.
Write a simple C HTTP server program that accepts GET requests with
unchecked validation on variables.
The BO lesson will have allowed commands to send to this server program.
Then, we trigger the Buffer Overflow via a malicious GET request.
Upon the server crashing/stopping or successfully executing system commands, the
lesson is marked as completed.

Original issue reported on code.google.com by yehg.net on 3 May 2010 at 4:32
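
The server design proposed in the comment above, sketched as an added example (not part of the original issue and not WebGoat's code): a C handler that copies a GET parameter without a length check, beside a bounds-checked form. The parameter name `name`, the buffer size `LESSON_BUF`, the function names and the request lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LESSON_BUF 32   /* constructed buffer size for the lesson target */

/* Find "key=" in the query string of a GET request line. Returns a pointer
 * to the value and stores its length (up to '&', space or line end). */
static const char *find_param(const char *req, const char *key, size_t *len)
{
    const char *q = strchr(req, '?');
    size_t klen = strlen(key);
    while (q != NULL) {
        q++;                                    /* step past '?' or '&' */
        if (strncmp(q, key, klen) == 0 && q[klen] == '=') {
            *len = strcspn(q + klen + 1, "& \r\n");
            return q + klen + 1;
        }
        q = strchr(q, '&');
    }
    return NULL;
}

/* Lesson target as proposed: the value length is never compared with the
 * destination size, so a long value writes past the end of 'out'. */
int get_name_unchecked(const char *req, char *out)
{
    size_t len;
    const char *v = find_param(req, "name", &len);
    if (v == NULL) return 400;
    memcpy(out, v, len);                        /* intentional: no bound */
    out[len] = '\0';
    return 200;
}

/* Hardened form: reject any value that does not fit, then copy. */
int get_name_checked(const char *req, char *out, size_t outsz)
{
    size_t len;
    const char *v = find_param(req, "name", &len);
    if (v == NULL) return 400;
    if (len >= outsz) return 414;               /* URI Too Long */
    memcpy(out, v, len);
    out[len] = '\0';
    return 200;
}
int main(void)
{
    char buf[LESSON_BUF];
    printf("%d\n", get_name_checked("GET /lesson?name=guest HTTP/1.1", buf, sizeof buf));
    return 0;
}
```
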

GoogleCodeExporter commented 8 years ago
Buffer overflow lesson was added in 5.4.  I am open to having you build a 
lesson from your comments.

Original comment by mayhe...@gmail.com on 23 Apr 2012 at 1:27