From b0cf064f819357feedc77d6d5eb0de49e122554a Mon Sep 17 00:00:00 2001 From: marcinzelent Date: Sat, 16 Jun 2018 22:50:18 +0200 Subject: Added command injection example and secured examples --- examples/buffer-overflow/buffer-overflow | Bin 8520 -> 0 bytes examples/buffer-overflow/buffer-overflow.c | 2 +- examples/command-injection/command-injection.c | 12 ++++++++++++ examples/xss/comments.db | Bin 8192 -> 8192 bytes 4 files changed, 13 insertions(+), 1 deletion(-) delete mode 100755 examples/buffer-overflow/buffer-overflow create mode 100644 examples/command-injection/command-injection.c (limited to 'examples') diff --git a/examples/buffer-overflow/buffer-overflow b/examples/buffer-overflow/buffer-overflow deleted file mode 100755 index c518559..0000000 Binary files a/examples/buffer-overflow/buffer-overflow and /dev/null differ diff --git a/examples/buffer-overflow/buffer-overflow.c b/examples/buffer-overflow/buffer-overflow.c index 96f0ee8..4fcce8c 100644 --- a/examples/buffer-overflow/buffer-overflow.c +++ b/examples/buffer-overflow/buffer-overflow.c @@ -6,7 +6,7 @@ int main(void) char buf[16]; int ok = 0; - printf("Type admin password: \n"); + printf("Type admin password: "); gets(buf); if (strcmp(buf, "pass123")) printf("\nWrong password!\n"); diff --git a/examples/command-injection/command-injection.c b/examples/command-injection/command-injection.c new file mode 100644 index 0000000..914b32e --- /dev/null +++ b/examples/command-injection/command-injection.c @@ -0,0 +1,12 @@ +#include +#include + +int main(int argc, char **argv) +{ + char cmd[strlen(argv[1]) + 6]; + strcpy(cmd, "echo "); + strcat(cmd, argv[1]); + system(cmd); + + return 0; +} diff --git a/examples/xss/comments.db b/examples/xss/comments.db index 32114c2..2c1a491 100644 Binary files a/examples/xss/comments.db and b/examples/xss/comments.db differ -- cgit v1.2.3