The idea is pretty straightforward: Insert some attack code (for example, code that invokes a shell) somewhere and overwrite the stack in such a way that control gets passed to the attack code.
这种想法是相当直接的︰在某处汇入一些攻击程式码(例如,呼叫shell 的程式码)并以将控制传递给攻击程式码的方式来覆写堆叠。
Blind SQL injection attacks are a well know and recognized form of code injection attack, but there are many other forms, some not so well documented or understood.
SQL盲注攻击是一种为人熟知的代码注入攻击形式,但是也有很多其他形式,有些尚未得到很好的记载和了解。
When researchers look for malware and attack vectors, the tendency is to look for vulnerabilities in portals or code.
当研究人员寻找恶意软件和攻击的载体时,他们往往会寻找接口或代码中的漏洞。
Perhaps the most malicious form of injection attack is code injection—placing new code into the memory space of the running process and then directing the running process to execute it.
最恶劣的注入攻击形式也许是代码注入——将新代码置入正在运行的进程的内存空间,随后指示正在运行的进程执行这些代码。
One of the first steps you should take when hardening a machine is to reduce its attack surface. The more code that's running on a machine, the greater the chance that the code will be exploitable.
进行系统加固应该采取的首要步骤之一是降低其受攻击面:机器上运行的代码越多,代码被利用的机会更越大。
If you are concerned about this type of attack, which is easily prevented through code inspections, you can prevent untrusted clients from connecting to the Web container.
如果您担心这种类型的攻击(可以通过代码检查轻松地加以防止),则可以阻止任何不受信任的客户端连接到web容器。
The focus of this article is a specific type of code injection attack: the Blind XPath injection.
本文主要介绍代码注入攻击的一种特殊类型:XPath盲注。
The code in Listing 8 tries to attack invulnerable.
清单8中的代码尝试攻击invulnerable。
Cisco is warning of three vulnerabilities within its Internet Operating System software that could allow a denial-of-service attack or let a hacker run arbitrary code on an affected switch router.
Cisco已经被警告,在InternetOperatingSystem软件中具有三个可能引发拒绝服务,运行任意代码和系统出错的漏洞. "因为运行IOS的设备跨越数个不同类型的网络,第二轮大型拒绝服务攻击可能因此而起."
But if the operating system has marked that Internet communications buffer region of memory as only being valid for containing data and NOT code, the hacker's attack will never get started.
但是,如果经营体制,标志着互联网通信缓冲区的记忆,因为只有被有效遏制数据,而不是代码,黑客的攻击将不会得开始。
In this article, the author explains the principle and process of SQL Injection Attack, and introduces a serial interrelated solution to prevent SQL Injection Attack from the aspect of code in detail.
介绍了SQL注入攻击原理,SQL注入攻击的过程,并从功能代码本身方面详细介绍了SQL注入攻击的防范措施。
Because the code attempting the attack will always be somewhere in the call stack, it will be unable to exceed its own security permissions.
因为尝试进行攻击的代码总是位于调用堆栈中的某个地方,所以它无法超过自己的安全权限。
And code in the function that USES these parameters could cause an attack before the function returns and the security check is performed.
并且,使用这些参数的函数中的代码可能在函数返回前就导致攻击并执行了安全检查。
If the input is passed directly to the server without being validated and if the application inadvertently executes the injected code, then the attack has the potential to damage or destroy data.
如果未经验证而将输入直接传递到服务器,且应用程序无意中执行了该注入的代码,则攻击可能就会损坏或破坏数据。
A robust digital audio watermarking algorithm is presented, which can resist desynchronization attack effectively. We embed synchronization code by modifying the mean value of several samples.
改进了一种可抵抗去同步攻击的数字音频盲水印算法,该算法通过修改多个采样值的统计均值嵌入同步码,解决了空域嵌入同步码的不稳定性问题。
To minimize the amount of damage that can occur if an attack succeeds, choose a security context for your code that grants access only to the resources it needs to get its work done and no more.
若要将因攻击成功而导致的损害降到最低,请为您的代码选择安全上下文,以便只向资源授予其完成工作所必需的访问权限。
Next, in order to prevent the discovery and attack by malicious code, we utilize the Hardware Virtualization Technology to design the self-hidden module for LAHF.
接着,为了防止恶意代码发现和攻击,本文利用硬件虚拟技术为LAHF设计了自隐藏模块。
To improve the ability of resisting the linear combination attack, an improved fingerprint scheme based on ACC code is proposed.
为了提高抗联合攻击码抵抗线性组合攻击的能力,提出一种改进的基于ACC码的指纹编码方案。
ISR (Instruction Set Randomization) is a new, general approach for safeguarding systems against any type of code-injection attack.
指令表随机化(isr)技术是一种新型的保护系统免遭任何类型注入码攻击的通用方法。
Directory traversal is another injection-style attack, wherein a malicious user tricks filesystem code into reading and/or writing files that the Web server shouldn't have access to.
目录遍历是另一种注入类型的攻击,攻击者欺骗文件系统读或写服务器不允许操作的文件。
The Financial Times suggests that us officials have tracked the author of the code used to attack the company.
《金融时报》暗示美国官员已经找到编写代码袭击谷歌公司的黑客。
Plugins which allow arbitrary PHP or other code to execute from entries in a database effectively magnify the possibility of damage in the event of a successful attack.
允许任意的PHP或者其它的代码在数据库中的文章中执行的插件,有效地放大了一次成功袭击可能产生的损害。
Security officials blamed the attack on "ill-intentioned people", code for red-shirt militants, who were accused of a series of explosions in March and April.
保安队高层指责此次袭击为“恶意人群”所为,暗指红衫激进分子,后者在三月和四月受到一系列爆炸事件的指控。
The actual verification shows that attack description language can correspondingly construct suitable embedded code and launch attack automatically.
实际验证表明,该缓冲区溢出攻击描述语言能够动态地构造植入代码,实现缓冲区溢出攻击的自动化。
Source code was stolen from some of the more than 30 Silicon Valley companies targeted in the attack, sources said.
源代码是从30多个硅谷的攻击目标,在一些公司被盗,消息人士说。
The strength of the embedded watermark is image-adaptive according to the wavelets quantization noise, and combined with the error-correct code, it improved the characteristic to anti-attack.
根据小波域量化噪声自适应地确定嵌入强度,并结合纠错编码,提高了抗攻击能力。
The strength of the embedded watermark is image-adaptive according to the wavelets quantization noise, and combined with the error-correct code, it improved the characteristic to anti-attack.
根据小波域量化噪声自适应地确定嵌入强度,并结合纠错编码,提高了抗攻击能力。
应用推荐