Added command injection example and secured examples

author: marcinzelent <zelent.marcin@gmail.com> 2018-06-16 22:50:18 +0200
committer: marcinzelent <zelent.marcin@gmail.com> 2018-06-16 22:50:18 +0200
commit: b0cf064f819357feedc77d6d5eb0de49e122554a (patch)
tree: 2ba0defb81576326dbc25736174100bfd43f677c /examples
parent: 7d93b9b60f0923b0f895d63b2d456b279a6ab774 (diff)
4 files changed, 13 insertions, 1 deletions
diff --git a/examples/buffer-overflow/buffer-overflow b/examples/buffer-overflow/buffer-overflow
deleted file mode 100755
index c518559..0000000
--- a/examples/buffer-overflow/buffer-overflow
+++ /dev/null
diff --git a/examples/buffer-overflow/buffer-overflow.c b/examples/buffer-overflow/buffer-overflow.c
index 96f0ee8..4fcce8c 100644
--- a/examples/buffer-overflow/buffer-overflow.c
+++ b/examples/buffer-overflow/buffer-overflow.c
@@ -6,7 +6,7 @@ int main(void)
 	char buf[16];
 	int ok = 0;
 
-	printf("Type admin password: \n");
+	printf("Type admin password: ");
 	gets(buf);
 
 	if (strcmp(buf, "pass123")) printf("\nWrong password!\n");
diff --git a/examples/command-injection/command-injection.c b/examples/command-injection/command-injection.c
new file mode 100644
index 0000000..914b32e
--- /dev/null
+++ b/examples/command-injection/command-injection.c
@@ -0,0 +1,12 @@
+#include <stdlib.h>
+#include <string.h>
+
+int main(int argc, char **argv)
+{
+	char cmd[strlen(argv[1]) + 6];
+	strcpy(cmd, "echo ");
+	strcat(cmd, argv[1]);
+	system(cmd);
+
+	return 0;
+}
diff --git a/examples/xss/comments.db b/examples/xss/comments.db
index 32114c2..2c1a491 100644
--- a/examples/xss/comments.db
+++ b/examples/xss/comments.db
author	marcinzelent <zelent.marcin@gmail.com>	2018-06-16 22:50:18 +0200
committer	marcinzelent <zelent.marcin@gmail.com>	2018-06-16 22:50:18 +0200
commit	b0cf064f819357feedc77d6d5eb0de49e122554a (patch)
tree	2ba0defb81576326dbc25736174100bfd43f677c /examples
parent	7d93b9b60f0923b0f895d63b2d456b279a6ab774 (diff)