为便于分析, 很有必要写个基本的框架,对给定的’任意写(write-what-where)’漏洞进行封装,并验证其对操作系统的利用。 要把任意的写操作转换为攻击利用,需要三个基本的步骤, 我们将来逐一介绍。
基于16个网页-相关网页
更确切地说,可以以各种格式对任意(可配置)精度的数字进行读和写。
That is, Numbers can be read and written in a variety of formats, with arbitrary (configurable) precision.
我所要做的一切,就是写一个很小的映射类,就能够让这个例子对任意的表和类都适用。
All I had to do was write a tiny mapping class, and I could make the example work with any tables and classes. I had a general purpose structure.
这可能导致攻击者可在释放内存再用前对其进行写操作,然后在用户电脑商运行任意代码。
This could have resulted in freed memory that an attacker could write to before it is reused, and then run arbitrary code on the victim s computer.
应用推荐