diff options
| author | Marcin Zelent <zelent.marcin@gmail.com> | 2018-05-30 18:27:51 +0200 |
|---|---|---|
| committer | Marcin Zelent <zelent.marcin@gmail.com> | 2018-05-30 18:27:51 +0200 |
| commit | ee0bd3f7716546f679bd390d7b681fedf949b2fb (patch) | |
| tree | a8b21d9c4707521dcf161bbdc7a20f622700c6f2 /examples | |
| parent | 7b2e079f4ef3cd3f16c6c5ca30fc3e97fd982b28 (diff) | |
Added buffer overflow example
Diffstat (limited to 'examples')
| -rwxr-xr-x | examples/buffer-overflow/buffer-overflow | bin | 0 -> 8520 bytes | |||
| -rw-r--r-- | examples/buffer-overflow/buffer-overflow.c | 18 | ||||
| -rw-r--r-- | examples/sql-injection/index.html | 25 | ||||
| -rw-r--r-- | examples/sql-injection/login.php | 23 | ||||
| -rw-r--r-- | examples/sql-injection/users.db | bin | 0 -> 8192 bytes | |||
| -rw-r--r-- | examples/xss/comments.db | bin | 0 -> 8192 bytes | |||
| -rw-r--r-- | examples/xss/index.php | 36 |
7 files changed, 102 insertions, 0 deletions
diff --git a/examples/buffer-overflow/buffer-overflow b/examples/buffer-overflow/buffer-overflow Binary files differnew file mode 100755 index 0000000..c518559 --- /dev/null +++ b/examples/buffer-overflow/buffer-overflow diff --git a/examples/buffer-overflow/buffer-overflow.c b/examples/buffer-overflow/buffer-overflow.c new file mode 100644 index 0000000..96f0ee8 --- /dev/null +++ b/examples/buffer-overflow/buffer-overflow.c @@ -0,0 +1,18 @@ +#include <stdio.h> +#include <string.h> + +int main(void) +{ + char buf[16]; + int ok = 0; + + printf("Type admin password: \n"); + gets(buf); + + if (strcmp(buf, "pass123")) printf("\nWrong password!\n"); + else ok = 1; + + if (ok) printf("\nLogged in as admin.\n"); + + return 0; +} diff --git a/examples/sql-injection/index.html b/examples/sql-injection/index.html new file mode 100644 index 0000000..d3e760b --- /dev/null +++ b/examples/sql-injection/index.html @@ -0,0 +1,25 @@ +<!DOCTYPE HTML> +<html> + <head> + <title>Login page</title> + <meta charset="utf-8" /> +<style> +body { + text-align: center; +} + +input { + margin-bottom: 5px; +} + +</style> + </head> + <body> + <h1>Login</h1> + <form action="login.php" method="post"> + <input type="text" name="email" placeholder="E-mail"><br> + <input type="password" name="pass" placeholder="Password"><br> + <input type="submit" value="Log in"> + </form> + </body> +</html> diff --git a/examples/sql-injection/login.php b/examples/sql-injection/login.php new file mode 100644 index 0000000..826c38c --- /dev/null +++ b/examples/sql-injection/login.php @@ -0,0 +1,23 @@ +<?php + class MyDB extends SQLite3 { + function __construct() { + $this->open('users.db'); + } + } + + if(isset($_POST['email'], $_POST['pass'])) + { + $email = $_POST['email']; + $pass = $_POST['pass']; + + $db = new MyDB(); + + $sql = 'SELECT * FROM Users WHERE email=\''.$email.'\' AND password=\''.$pass.'\''; + + $ret = $db->query($sql); + while($row = $ret->fetchArray(SQLITE3_ASSOC)) { + echo 'Logged in as '.$row['email'].'<br>'; + } + $db->close(); + } +?> diff --git a/examples/sql-injection/users.db b/examples/sql-injection/users.db Binary files differnew file mode 100644 index 0000000..9ddf64e --- /dev/null +++ b/examples/sql-injection/users.db diff --git a/examples/xss/comments.db b/examples/xss/comments.db Binary files differnew file mode 100644 index 0000000..32114c2 --- /dev/null +++ b/examples/xss/comments.db diff --git a/examples/xss/index.php b/examples/xss/index.php new file mode 100644 index 0000000..e645517 --- /dev/null +++ b/examples/xss/index.php @@ -0,0 +1,36 @@ +<?php + class MyDB extends SQLite3 { + function __construct() { + $this->open('comments.db'); + } + } + + if (isset($_POST['user'], $_POST['comment'])) { + $user = $_POST['user']; + $comment = $_POST['comment']; + + $db = new MyDB(); + + $sql = 'INSERT INTO Comments VALUES(\'' . $user . '\',\'' . $comment . '\')'; + $ret = $db->exec($sql); + $db->close(); + } + + echo '<!DOCTYPE HTML><html><head><title>Comments</title>' . + '<meta charset="utf-8"></head><body><h1>Comments</h1>'; + + $db = new MyDB(); + + $sql = 'SELECT * FROM Comments'; + $ret = $db->query($sql); + while ($row = $ret->fetchArray(SQLITE3_ASSOC)) + echo '<p><b>' . $row['user'] . '</b> says:<br>' . $row['comment'] . '</p>'; + + $db->close(); + + echo '<h2>Add comment</h1><form action="index.php" method="post">' . + '<input type="text" name="user" placeholder="User name"><br>' . + '<input type="text" name="comment" placeholder="Comment"><br>' . + '<input type="submit" value="Add"><br>' . + '</form></body></html>'; +?> |