The goal is to locate binaries that fail
to properly handle unexpected environment string values.
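The kind of defect this fuzzing locates is a program that copies a `getenv` result into a fixed-size buffer without checking its length. The following is an added example (not code from the book, and not part of Sharefuzz or SPIKE): a small C program that shows the unchecked pattern beside a hardened reader, then plants a constructed oversized value with `setenv` to stand in for what a fuzzed `getenv` would return, and confirms the hardened reader rejects it. The variable name `EXAMPLE_VAR` and all values are constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L   /* for setenv, unsetenv, strnlen */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

/* Status codes returned by the hardened reader. */
enum env_status { ENV_OK = 0, ENV_MISSING = 1, ENV_TOO_LONG = 2, ENV_BAD_CHAR = 3 };

/* The unchecked pattern a getenv fuzzer is designed to expose: the value is
 * copied into a 64-byte stack buffer with strcpy and no length check. It is
 * shown for contrast only and is never called with a long value here. */
int unsafe_env_len(const char *name) {
    char tmp[64];
    const char *v = getenv(name);
    if (v == NULL) return -1;
    strcpy(tmp, v);                 /* overflows tmp when strlen(v) >= 64 */
    return (int)strlen(tmp);
}

/* Hardened reader: bounds the scan, refuses values that would not fit with
 * their terminator, and rejects non-printable bytes before copying. */
enum env_status read_env_bounded(const char *name, char *out, size_t outlen) {
    const char *v = getenv(name);
    if (v == NULL || outlen == 0) return ENV_MISSING;
    size_t n = strnlen(v, outlen);  /* never scans past outlen bytes */
    if (n >= outlen) return ENV_TOO_LONG;
    for (size_t i = 0; i < n; i++) {
        if (!isprint((unsigned char)v[i])) return ENV_BAD_CHAR;
    }
    memcpy(out, v, n + 1);          /* n + 1 <= outlen, includes the NUL */
    return ENV_OK;
}

/* Test harness: plant a constructed value (NULL removes the variable), then
 * read it back through the hardened reader into an internal buffer whose
 * usable size is capped at outlen. */
static char probe_buf[256];

enum env_status probe_env(const char *value, size_t outlen) {
    if (outlen > sizeof probe_buf) outlen = sizeof probe_buf;
    if (value == NULL) unsetenv("EXAMPLE_VAR");   /* constructed variable name */
    else setenv("EXAMPLE_VAR", value, 1);
    return read_env_bounded("EXAMPLE_VAR", probe_buf, outlen);
}

const char *probe_out(void) { return probe_buf; }

/* Simulates the fuzzer's oversized string: 1023 'A' bytes against a
 * 64-byte destination. */
enum env_status demo_oversized(void) {
    char big[1024];
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return probe_env(big, 64);
}

int main(void) {
    printf("normal value  -> status %d (%s)\n", probe_env("hello", 64), probe_out());
    printf("oversized     -> status %d\n", demo_oversized());
    printf("control chars -> status %d\n", probe_env("bad\nvalue", 64));
    printf("missing       -> status %d\n", probe_env(NULL, 64));
    return 0;
}
```

Status 2 (`ENV_TOO_LONG`) on the oversized case is the behaviour a reviewer wants to see; the `unsafe_env_len` variant would instead smash its own stack frame on that input, which is exactly the failure a fuzzed `getenv` surfaces.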
Figure 14-4: Normal call to getenv using libc
Figure 14-5: Fuzzed call to getenv with Sharefuzz in place
Reference
SPIKE, SPIKE Proxy, Sharefuzz www.immunitysec.com/resources-freesoftware.shtml
Gray Hat Hacking: The Ethical Hacker's Handbook, p. 358
CHAPTER 15 Client-Side Browser Exploits
In this chapter, you will learn about client-side vulnerabilities and several tools for
discovering client-side vulnerabilities. This chapter mostly focuses on vulnerabilities
affecting Internet Explorer on the Microsoft Windows platform, but the concepts can
be extended to other classes of client-side vulnerabilities and other platforms where
client-side applications run.
• Why client-side vulnerabilities are interesting
• Internet Explorer security concepts
• Notable client-side exploits in recent history
• Finding new browser-based vulnerabilities with MangleMe, AxEnum, and AxMan
• Heap spray to exploit
• Protecting yourself from client-side exploits
Why Client-Side Vulnerabilities Are Interesting
Client-side vulnerabilities are vulnerabilities in client software such as web browsers, email
applications, and media players.