如何在 PHP/Python 中进行缓冲区溢出?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2081281/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to conduct buffer overflow in PHP/Python?
提问by user198729
Here is an example in c:
这是c中的一个例子:
#include <stdio.h>
#include <string.h>
void bad() {
printf("Oh shit really bad~!\r\n");
}
void foo() {
char overme[4] = "WOW";
*(int*)(overme+8) = (int)bad;
}
int main() {
foo();
}
回答by Ants Aasma
The fact that Python and PHP are interpreted like suggested by others isn't actually the point. The point is that almost all of the APIs and language semantics that they expose are heavily error-checked making it impossible to have exploitable undefined behavior. Even if you compile the languages, it would still be impossible. This doesn't mean that you couldn't expose unsafe APIs that can do whatever. In fact, using Pythons ctypes module, it should be possible to create a similar behavior, but significantly harder to do so by accident.
Python 和 PHP 按照其他人的建议进行解释这一事实实际上并不是重点。关键是它们公开的几乎所有 API 和语言语义都经过严格的错误检查,因此不可能有可利用的未定义行为。即使你编译这些语言,它仍然是不可能的。这并不意味着您不能公开可以执行任何操作的不安全 API。事实上,使用 Python 的 ctypes 模块,应该可以创建类似的行为,但意外地很难做到这一点。
回答by johannes
As PHP is a scripting language and has no pointers and the string type is binary-safe such things won't work in PHP.
由于 PHP 是一种脚本语言,没有指针,而且字符串类型是二进制安全的,因此在 PHP 中不起作用。
But why would you want to do such a thing?
但是你为什么要做这样的事情呢?
(oh, there might be bugs in PHP resulting in a buffer overflow, but that's nothing that canbe relied upon in any way and usually is fixed quite ffast...)
(哦,PHP 中可能存在导致缓冲区溢出的错误,但这不能以任何方式依赖并且通常很快修复......)
回答by tzot
We're sorry: you've reached a weakness in Python. Unfortunately, it's by design, so little can be done about it. Perhaps you should stay with C.
很抱歉:您在 Python 中遇到了弱点。不幸的是,这是设计使然,因此几乎无能为力。也许你应该和 C 在一起。
As Martin v. L?wis said:
正如 Martin v. L?wis所说:
Python does not support buffer overflows, sorry.
Python 不支持缓冲区溢出,抱歉。
PS Wow. It seems like a few months ago that I read that post, and yet it's been 7 years and a day.
PS哇。好像几个月前我读过那篇文章,但已经 7 年零一天了。
回答by Thomas Bonini
Doing something similar in PHP will not result in the same behavior.
在 PHP 中做类似的事情不会导致相同的行为。
PHP is interpreted and always checks whether the operation you are doing or not is valid.. So you can't - for example - overrun a buffer.
PHP 被解释并始终检查您正在执行的操作是否有效.. 因此您不能 - 例如 - 溢出缓冲区。
回答by streetparade
Because php,python and every interpreted language first have to go through an interpreter and you dont have the full access to the memory this kind of languages will not let you to do some kind of games like the code you posted.
因为 php、python 和每种解释型语言首先必须通过解释器,而您没有完全访问内存的权限,这种语言不会让您做某种游戏,例如您发布的代码。
回答by Eu Insumi
import sys
import socket
for carg in sys.argv:
if carg == "-S":
argnum= sys.argv.index(carg)
argnum +=1
host = sys.argv[argnum]
elif carg == "-p":
argnum = sys.argv.index(carg)
argnum +=1
port = sys.argv[argnum]
buffer = "\x41"* 3000
s= socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((host,port))
s.send("USV" + buffer)
s.close()
