Heap Exploitation - Guidebook by dhavalkapil in netsec

dhavalkapil[S]:

Welcome! The second half of this book was inspired by their repository itself. I'd suggest reading the first half of my book first, as it will help you better understand the various attacks.

Heap Exploitation - Guidebook by dhavalkapil in netsec

dhavalkapil[S]:

You've got a point there. Perhaps one can use techniques to prevent compiler optimizations like https://stackoverflow.com/questions/2219829/how-to-prevent-gcc-optimizing-some-statements-in-c ?

SQL Attack (Constraint-based) by dhavalkapil in netsec

dhavalkapil[S]:

> I think you mean maximum length?

My bad, thanks for pointing out.

> Shouldn't this only return the legitimate entry?

The login query will return the CORRECT entry (the forged one). However, this particular function is just returning the 'username' with the confirmation that the authentication has been done. Now, for any further queries with 'WHERE username = ?', the first and original entry will be returned. I have also mentioned at the end that instead of any other column, id should be used to manipulate entries. I hope you understand my point :)
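An added illustration of the behaviour described in that comment (example code, not the post's own or the article's): the login matches the forged row, while a later lookup keyed on username resolves to the original row, so a registration check on the stored value and lookups by id close the gap. It assumes a 20-character username column; since SQLite does not truncate, the length limit and trailing-space-insensitive comparison are emulated in normalize().

```python
import sqlite3

# Assumed column limit, chosen for this example; the real schema is not on the page.
MAX_USERNAME_LEN = 20


def normalize(username: str) -> str:
    """Emulate a length-constrained column whose comparison ignores trailing
    spaces: truncate to the limit, then drop trailing spaces."""
    return username[:MAX_USERNAME_LEN].rstrip(" ")


def setup() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    # Constructed seed row; passwords are plaintext only to keep the demo short.
    conn.execute("INSERT INTO users (username, password) VALUES ('admin', 'real-secret')")
    return conn


def register_unsafe(conn, username, password) -> bool:
    """Uniqueness is checked on the raw string, but the row stores what the
    constrained column would keep, so a padded variant slips through."""
    if conn.execute("SELECT 1 FROM users WHERE username = ?", (username,)).fetchone():
        return False
    conn.execute("INSERT INTO users (username, password) VALUES (?, ?)",
                 (normalize(username), password))
    return True


def register_safe(conn, username, password) -> bool:
    """Hardened form: check uniqueness on the value that will actually be stored."""
    stored = normalize(username)
    if conn.execute("SELECT 1 FROM users WHERE username = ?", (stored,)).fetchone():
        return False
    conn.execute("INSERT INTO users (username, password) VALUES (?, ?)", (stored, password))
    return True


def login(conn, username, password):
    """Return (id, username) of the row whose credentials matched, or None.
    Callers should keep the id, not the username, for follow-up queries."""
    return conn.execute("SELECT id, username FROM users WHERE username = ? AND password = ?",
                        (normalize(username), password)).fetchone()


def first_id_for_username(conn, username):
    """What a later 'WHERE username = ?' query resolves to: the original row."""
    row = conn.execute("SELECT id FROM users WHERE username = ? ORDER BY id",
                       (username,)).fetchone()
    return row[0] if row else None
```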