Menu
Here is an example in c:
#include <stdio.h>
#include <string.h>
void bad() {
printf("Oh shit really bad~!\r\n");
}
void foo() {
char overme[4] = "WOW";
*(int*)(overme+8) = (int)bad;
}
int main() {
foo();
}
555
The fact that Python and PHP are interpreted like suggested by others isn't actually the point. The point is that almost all of the APIs and language semantics that they expose are heavily error-checked making it impossible to have exploitable undefined behavior. Even if you compile the languages, it would still be impossible. This doesn't mean that you couldn't expose unsafe APIs that can do whatever. In fact, using Pythons ctypes module, it should be possible to create a similar behavior, but significantly harder to do so by accident.
159
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
