Is this code insecure?

Discussion in 'OT Technology' started by ott0, Oct 27, 2005.

  1. ott0

    I had some of the code from this article <<link (the C++ CGI script) running on my server for a while. About a week ago the script started getting a lot of hits and then went over the bandwidth limit. So do you think someone hijacked it and used it for spam, or was it just a coincidence? Can any of you see any security flaws in it?
     
    Last edited: Oct 27, 2005
  2. EvilSS

    This can be a dangerous thing to do. Anything that allows a remote user to inject a string of data into your program unchecked can possibly be used to exploit it.

    I watched a security consultant at work completely own a web server by causing a buffer overflow in a web app (custom, he had never even seen it before). He did it through the URL. One of the pages accepted input via the URL but didn't check that the data was what it was expecting.
     
  3. peerk

    This isn't security related, but I was always taught to pass large data types as constant references whenever possible.

    So two of the functions would become:

    bool IsInList(const string& host)
    void AddToList(const string& input, const string& host)
     
  4. ott0

    peerk, I agree, that's a good idea.

    EvilSS: yeah, but the user data is passed to a string, which should adjust its size to the data, so no overflow is possible... although I don't completely understand the C++ string implementation, so I can't say there's no way to exploit them...
     
  5. EvilSS

    What's the limit on a string for the c++ compiler you are using? Is there a limit to the length of the QUERY_STRING that the web server can handle? If so, how does it handle an overflow?

    "Should" is an assumption, and you know what they say about assuming.
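    Added example (not a post from the thread and not the article's script): one way to answer EvilSS's questions in code rather than by assumption. The QUERY_STRING is capped at a length you choose before anything else looks at it, percent-encoding is decoded only when it is well formed, and the "host" parameter is accepted only if it consists of hostname characters. The limits kMaxQueryLen and kMaxHostLen and the parameter name "host" are assumptions for this example; a real CGI would obtain the raw string with getenv("QUERY_STRING") instead of taking it as an argument.

```cpp
// Added example, not the script from the article: bounded, validated handling
// of a CGI QUERY_STRING. A real CGI would get the raw string from
// getenv("QUERY_STRING"); here the caller passes it in so it can be tested.
#include <cstddef>
#include <map>
#include <string>

// Limits chosen for this example (assumptions, not values from the thread).
static const std::size_t kMaxQueryLen = 2048; // refuse anything longer up front
static const std::size_t kMaxHostLen = 253;   // longest legal DNS name

// Value of one hex digit, or -1 if the character is not a hex digit.
static int HexVal(char h) {
    if (h >= '0' && h <= '9') return h - '0';
    if (h >= 'a' && h <= 'f') return h - 'a' + 10;
    if (h >= 'A' && h <= 'F') return h - 'A' + 10;
    return -1;
}

// Decode '+' and %XX form encoding into out. Returns false on a malformed
// escape, so the caller rejects the request instead of guessing.
bool PercentDecode(const std::string& in, std::string& out) {
    out.clear();
    for (std::size_t i = 0; i < in.size(); ++i) {
        char c = in[i];
        if (c == '+') { out += ' '; continue; }
        if (c != '%') { out += c; continue; }
        if (i + 2 >= in.size()) return false;        // truncated escape
        int hi = HexVal(in[i + 1]), lo = HexVal(in[i + 2]);
        if (hi < 0 || lo < 0) return false;          // not hex digits
        out += static_cast<char>(hi * 16 + lo);
        i += 2;
    }
    return true;
}

// Split "a=b&c=d" into a map. Rejects over-long input and bad encoding.
bool ParseQuery(const std::string& raw,
                std::map<std::string, std::string>& params) {
    params.clear();
    if (raw.size() > kMaxQueryLen) return false;     // the length cap
    std::size_t start = 0;
    while (start <= raw.size()) {
        std::size_t amp = raw.find('&', start);
        if (amp == std::string::npos) amp = raw.size();
        std::string pair = raw.substr(start, amp - start);
        if (!pair.empty()) {
            std::size_t eq = pair.find('=');
            std::string key, value;
            if (!PercentDecode(pair.substr(0, eq), key)) return false;
            if (eq != std::string::npos &&
                !PercentDecode(pair.substr(eq + 1), value)) return false;
            params[key] = value;
        }
        start = amp + 1;
    }
    return true;
}

// Positive check: only characters a hostname may contain, within length.
// This is the "check the data is what you expect" step from the thread.
bool IsValidHost(const std::string& host) {
    if (host.empty() || host.size() > kMaxHostLen) return false;
    for (char c : host) {
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '-' || c == '.';
        if (!ok) return false;
    }
    return host.front() != '.' && host.back() != '.';
}

// Pull the (hypothetical) "host" parameter out of the query; "" means reject.
std::string ExtractHost(const std::string& raw_query) {
    std::map<std::string, std::string> params;
    if (!ParseQuery(raw_query, params)) return "";
    std::map<std::string, std::string>::const_iterator it = params.find("host");
    if (it == params.end() || !IsValidHost(it->second)) return "";
    return it->second;
}
```

    The point of the length cap is not that std::string would overflow (it grows as ott0 says); it is that the script should never have to find out what the server or the allocator does with a multi-megabyte query, and that a rejected request costs nothing. The positive character check is what stops a decoded newline, space or shell metacharacter from reaching whatever the script later does with the host name.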
     
  6. ott0

    Theoretically it can handle strings as big as the RAM limit for the program, which would be an incredibly long string. I'll test it and get back to you.

    Edit: I also wouldn't be surprised if they have some prevention against overflows... anyone know?
     
    Last edited: Oct 27, 2005
  7. EvilSS

    What compiler did you use? What web server?
     
  8. ott0

    gcc for Linux, Apache web server (don't know how that matters though ;))

    Ah well, I'm gonna assume that no one broke into the server. I'll watch the logs for a while and jump on any fishy behavior.
     
  9. EvilSS

    Easy way to see is to look at the logs and see what URL was being requested.
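    Added example (not a post from the thread): what "look at the logs and see what URL was being requested" looks like when done over the Apache access log instead of by eye. The log lines are constructed for this example and the CGI path /cgi-bin/script.cgi is an assumption; the parser handles the common log format, where the remote address is the first field and the request line is the first quoted string.

```cpp
// Added example, not from the original thread: pick the abused requests out
// of an Apache access log. The log lines and the CGI path /cgi-bin/script.cgi
// are constructed for this example.
#include <cstddef>
#include <map>
#include <sstream>
#include <string>
#include <vector>

// Constructed sample lines in Apache "common" log format (not real traffic).
const std::vector<std::string> kSampleLog = {
    "10.0.0.5 - - [27/Oct/2005:10:01:02 -0500] \"GET /cgi-bin/script.cgi?host=example.com HTTP/1.1\" 200 512",
    "10.0.0.5 - - [27/Oct/2005:10:01:03 -0500] \"GET /cgi-bin/script.cgi?host=example.com HTTP/1.1\" 200 512",
    "198.51.100.7 - - [27/Oct/2005:10:02:00 -0500] \"GET /cgi-bin/script.cgi?host=victim.net HTTP/1.1\" 200 512",
    "198.51.100.7 - - [27/Oct/2005:10:02:01 -0500] \"GET /cgi-bin/script.cgi?host=victim.net HTTP/1.1\" 200 512",
    "198.51.100.7 - - [27/Oct/2005:10:02:01 -0500] \"GET /cgi-bin/script.cgi?host=victim.net HTTP/1.1\" 200 512",
    "203.0.113.9 - - [27/Oct/2005:10:03:00 -0500] \"GET /index.html HTTP/1.1\" 200 1024",
};

struct Entry {
    std::string client;  // remote address, first field of the line
    std::string path;    // request target before '?'
    std::string query;   // part after '?', or "" if there is none
};

// Parse one common-log line. Returns false if the quoted request is missing.
bool ParseLine(const std::string& line, Entry& e) {
    std::istringstream fields(line);
    if (!(fields >> e.client)) return false;
    std::size_t q1 = line.find('"');
    if (q1 == std::string::npos) return false;
    std::size_t q2 = line.find('"', q1 + 1);
    if (q2 == std::string::npos) return false;
    std::istringstream req(line.substr(q1 + 1, q2 - q1 - 1)); // GET /x?y HTTP/1.1
    std::string method, target;
    if (!(req >> method >> target)) return false;
    std::size_t qm = target.find('?');
    e.path = target.substr(0, qm);
    e.query = (qm == std::string::npos) ? "" : target.substr(qm + 1);
    return true;
}

// Requests to cgi_path, counted per client address.
std::map<std::string, int> HitsPerClient(const std::vector<std::string>& lines,
                                         const std::string& cgi_path) {
    std::map<std::string, int> hits;
    for (const std::string& line : lines) {
        Entry e;
        if (ParseLine(line, e) && e.path == cgi_path) ++hits[e.client];
    }
    return hits;
}

// Requests to cgi_path, counted per distinct query string. The same query
// string repeated many times from one client is the pattern to chase.
std::map<std::string, int> HitsPerQuery(const std::vector<std::string>& lines,
                                        const std::string& cgi_path) {
    std::map<std::string, int> hits;
    for (const std::string& line : lines) {
        Entry e;
        if (ParseLine(line, e) && e.path == cgi_path) ++hits[e.query];
    }
    return hits;
}

// Clients with more than `threshold` hits on cgi_path, in address order.
std::vector<std::string> SuspiciousClients(const std::vector<std::string>& lines,
                                           const std::string& cgi_path,
                                           int threshold) {
    std::vector<std::string> out;
    std::map<std::string, int> hits = HitsPerClient(lines, cgi_path);
    for (const auto& kv : hits)
        if (kv.second > threshold) out.push_back(kv.first);
    return out;
}
```

    Run over the real log with the real script path, the per-query table answers ott0's question directly: a bandwidth spike made of one query string hammered from one or two addresses is someone driving the script, while a spike spread across many addresses and queries looks like ordinary traffic.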
     