'1' = '1' always evaluates as true, this query returns all records in the database, causing the login function to return true even though no valid user account was entered.
/dev/random is opened where an endless stream of bytes is returned, potentially causing a denial-of-service.
WKWebView or the deprecated UIWebView on iOS and WebView on Android, are potentially vulnerable to such attacks.
printf family of C functions, attackers may inject format tokens such as ‘%c’ and ‘%n’ to access memory. Format string bugs are convenient to exploit due to their flexibility. Should a program output the result of the string formatting operation, the attacker can read and write to memory arbitrarily, thus bypassing protection features such as ASLR.
mprotect to change memory protection settings for the location where the attacker stored the shellcode.
strcat, other functions beginning with the "str" prefix, etc.) and potentially vulnerable programming constructs, such as copying user input into a limited-size buffer. The following should be considered red flags for unsafe string functions:
strcpy, most other functions beginning with the "str" prefix,
memcpy, make sure you check that the target buffer is at least as large as the source and that the two buffers do not overlap.
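The two memcpy checks described above, together with a bounded alternative to strcat, as an added example that is not from the original page. The helper names checked_memcpy and checked_strcat and the status codes are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper names and status codes; not from the original page. */
enum copy_status { COPY_OK = 0, COPY_BAD_ARG, COPY_TOO_SMALL, COPY_OVERLAP };

/* memcpy wrapper enforcing both checks: the destination must hold at
 * least n bytes, and the two n-byte regions must not overlap. */
enum copy_status checked_memcpy(void *dst, size_t dst_size,
                                const void *src, size_t n)
{
    if (dst == NULL || src == NULL)
        return COPY_BAD_ARG;
    if (n > dst_size)
        return COPY_TOO_SMALL;          /* would write past dst */

    /* Compare addresses as integers; relational comparison of pointers
     * into different objects is undefined in C. */
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    if (n > 0 && ((d <= s && s - d < n) || (s < d && d - s < n)))
        return COPY_OVERLAP;            /* memcpy is undefined here */

    memcpy(dst, src, n);
    return COPY_OK;
}

/* Bounded replacement for strcat: appends only if the result, including
 * the terminating NUL, fits in dst_size; otherwise dst is left unchanged. */
enum copy_status checked_strcat(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL)
        return COPY_BAD_ARG;
    const char *end = memchr(dst, '\0', dst_size);
    if (end == NULL)
        return COPY_BAD_ARG;            /* dst is not NUL-terminated */
    size_t used = (size_t)(end - dst);
    size_t add = strlen(src);
    if (add >= dst_size - used)
        return COPY_TOO_SMALL;          /* no room for src plus NUL */
    memcpy(dst + used, src, add + 1);
    return COPY_OK;
}
```

Callers pass sizeof the destination array (or the tracked allocation size) as dst_size and treat any status other than COPY_OK as a rejected input, not as something to truncate silently.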