undefined | Better HN

0 pointsmycall5y ago0 comments

Wait until they try unicode, then the joke will be on them.

0 comments

I cannot fathom how complicated arbitrary code execution could get with multi byte characters that could use shift registers, null bytes and byte order marks with determinism in a NOP slide on a heap spray.

Filtering only printable user input helps but even bit map images can expose a heap to a sensitive registers that will execute some target specific generated shell code.

https://en.m.wikipedia.org/wiki/NOP_slide.

https://en.m.wikipedia.org/wiki/Heap_spraying

j / k navigate · click thread line to collapse

0 comments

jradd5y ago

Filtering only printable user input helps but even bit map images can expose a heap to a sensitive registers that will execute some target specific generated shell code.

https://en.m.wikipedia.org/wiki/NOP_slide.

https://en.m.wikipedia.org/wiki/Heap_spraying

j / k navigate · click thread line to collapse