in reply to Re^3: use of print f and sprint f
in thread use of print f and sprint f
yes, perl is vulnerable. (There's a "but" explained below.) We can see it that it's vulnerable here:
$f = "%%%%"; printf("$f\n");
If perl wasn't vulnerable, it would display %%%% instead of %%. However, the vulnerability cannot be exploited. Perl's version of the (s)printf functions will not clobber the stack if the numbre or replaceables does not match the number of the arguments. What you'll get is incorrectly formatted data (which could possibly be used to exploit something else), but that's it.
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^5: use of print f and sprint f
by blokhead (Monsignor) on Nov 10, 2004 at 16:50 UTC | |
Re^5: use of print f and sprint f
by !1 (Hermit) on Nov 10, 2004 at 16:44 UTC | |
by ikegami (Patriarch) on Nov 10, 2004 at 17:04 UTC |
In Section
Seekers of Perl Wisdom