Now imagine that an attacker has sent more data than buffer1 can handle.
The attacker then sends a packet full of SACK options designed to force the other host to scan that entire queue to process each option.
The attacker's hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.
Or an attacker might be able to install a Trojan horse program or unsolicited e-mail sending software, aiming at financial gain or at damaging the brand name by modifying company resources.
The attacker cannot access all the packets of a request and so cannot decipher what message was sent.
In particular, make sure you release any locks held and avoid crashing the entire application because of data sent by an attacker.
When possible, make sure that the data you send cannot be controlled by an attacker.
To accomplish this, the attacker sends a TCP packet with the SYN flag set to the target host, just as when opening a regular TCP connection.
Because the token changes each time the form is rendered, a would-be attacker would have to obtain an instance of the sending form, strip out the token, and put it in their spoofed version of the form.
You can see that the attacker only has to send a few SYN packets every ten seconds or so to disable a specific port.
If an attacker can send characters that have special meaning to the shell, there will be trouble.
The problem is that gets() doesn't protect itself from buffer overflows; an attacker can simply send more data than the buffer passed to gets() can store.
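The gets() sentence above names the defect without showing the bounded alternative. The following is an added example, not code from the original page or from any of the articles these sentences were taken from: a line reader built on fgets() that stores at most 15 bytes into a 16-byte buffer, drains the rest of an oversized line, and reports that it did so. The 40-byte input stands in for attacker traffic and is constructed here; the buffer size LINE_BUF and the function names are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Size of the fixed buffer the vulnerable program hands to gets().
 * gets() stops only at newline or EOF, so storage past these 16 bytes
 * is overwritten as soon as the attacker sends a 16th character. */
#define LINE_BUF 16

/* Bounded replacement for gets(): reads one line from `in` into buf
 * (capacity n bytes, NUL included). Returns the stored length, or -1
 * at end of input. Bytes beyond n-1 are drained from the stream and
 * *truncated is set to 1, so the caller can reject the oversized line
 * instead of acting on a silently cut-off one. */
int read_line_bounded(FILE *in, char *buf, size_t n, int *truncated)
{
    *truncated = 0;
    if (n == 0 || fgets(buf, (int)n, in) == NULL)
        return -1;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';          /* strip the newline, as gets() does */
    } else {
        /* Buffer filled before a newline arrived (or EOF without one):
         * discard the rest of the line and remember that we did. */
        int c;
        while ((c = fgetc(in)) != EOF && c != '\n')
            *truncated = 1;
    }
    return (int)len;
}

/* Returns 1 if a line of line_len bytes would overrun a buffer of cap
 * bytes under gets() (which has no bound), 0 otherwise. fgets() never
 * overruns because it stores at most cap-1 bytes plus the NUL. */
int gets_would_overflow(size_t line_len, size_t cap)
{
    return line_len + 1 > cap;      /* line plus terminating NUL */
}

/* Build a stream from constructed sample input (not captured traffic).
 * tmpfile() is ISO C, so no platform-specific fmemopen() is needed. */
FILE *constructed_input(const char *text)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return NULL;
    fputs(text, f);
    rewind(f);
    return f;
}

/* Demonstration: an oversized attacker-controlled line (constructed)
 * followed by a normal one. Returns 0 when the bounded reader behaved
 * as expected, a nonzero step number otherwise. */
int demo(void)
{
    char buf[LINE_BUF];
    int truncated, len;
    FILE *in = constructed_input(
        "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"   /* 40 bytes: overruns gets() */
        "ok\n");
    if (in == NULL)
        return 1;

    len = read_line_bounded(in, buf, sizeof buf, &truncated);
    if (len != LINE_BUF - 1 || !truncated)
        return 2;                   /* must be cut at 15 bytes and flagged */

    len = read_line_bounded(in, buf, sizeof buf, &truncated);
    if (len != 2 || truncated || strcmp(buf, "ok") != 0)
        return 3;                   /* next line must still arrive intact */

    fclose(in);
    return 0;
}

int main(void)
{
    int rc = demo();
    printf("bounded read %s\n", rc == 0 ? "handled the oversized line" : "FAILED");
    return rc;
}
```

The detail worth keeping is the `truncated` flag. fgets() alone stops the overflow, but without draining the tail the next read would consume the leftover bytes as a fresh line, and a caller that ignores truncation would act on a silently shortened input.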
An attacker might then write a simple script that sends various XPath injections and extracts an XML document from the system, as described in Klein's paper.
When the page is displayed, the malicious script runs, collects the user's cookies, and sends a request containing them to the attacker's Web site.
If an attacker re-sends the request to the Amazon SQS service, the repeated signature identifies the request as a capture-replay attack, and Amazon Web Services blocks it.
To exploit this, attackers send malformed JSON objects to these libraries so that the eval function executes their malicious code.
Often the attacker overruns the buffer with the malicious code they want to run, then changes the return address to point to the code they have sent.
For example, Listing 3 shows code that steals information and sends it to an attacker's server.
You need to make sure that the component will interpret the data you send the way you expect, even if an attacker can influence the value of that data.
If the application has XSS holes, an attacker may send a malicious script that the application will execute, leading to an XSS intrusion.
This lets attackers send harmful XML for this attribute, and it is treated as perfectly legitimate input!
The key logger allows an attacker to hijack any user input; for example, if a user is using a Web-based e-mail service, the key logger will record any text typed and transmit it to the attacker.
After changing the e-mail address, he goes to the forgotten-password page, and the (possibly new) password is mailed to the attacker's e-mail address.
Let's further assume that host A is located in network 192.168.2.0, and that the attacker sends the datagram to the broadcast address of that network instead of to a particular host.
An attacker could e-mail a specially rigged file to the victim, and if the victim used vim to read or edit it, the victim would run whatever program the attacker wanted. Oops.
So the script sends the user's cookies to the attacker's site, where the attacker gains all the information needed to wreak havoc.
By sending a continuous stream of HTTP requests to an ASP website, the attacker can overload the server and paralyze the site.
As with most targeted attacks, the intruders gained access to the organization by sending a tailored attack to one or a few targeted individuals.
The collected data is then surreptitiously sent to the remote attacker via a variety of electronic means.