Collaborate Disseminate
I see there are forums about this question, but everywhere, I fail to see the answer I am looking for.
I have a stored procedure which its purpose is to execute dynamic SQL statement.
It uses a cursor which makes it a single point where on… Continue reading T-SQL, string injection, REPLACE(@myVariable, ””, ”””) approach? Once and for all
There’s a bowling revolution in play, and not all bowlers are willing participants. In fact, a few are on strike, and it’s all because bowling alleys across America are getting …read more Continue reading Bowling With Strings Attached: the People Are Split
I have a personal id "U1KFhYtMqZhCYya6sy31PVLM8DlM5HLCkwy3", I have checked some hash functions but cannot make sure how this generated? Is this just random string generated with [a-zA-z0-9]?
Continue reading Any idea on how this 36 character long string generated? [duplicate]
Here’s the C code:
#include<stdio.h>
int main(int argc, char **argv){
char a[100];
char *b;
printf("Welcome to SUST Dungeon Fellow Hacker!\n");
scanf("%s", &a);
if(b=="chiching&q… Continue reading Even though the $rax and $rbp-8 is eq it’s taking the jne path
Measure twice, cut once is excellent advice when building anything, from carpentry to metalworking. While this adage will certainly save a lot of headache, mistakes, and wasted material, it will …read more Continue reading Making Things Square in Three Dimensions
Unless you’re an avid fan of 1997’s box office hit Mouse Hunt, or actively working in the string industry, you probably don’t spend a lot of time thinking about how those …read more Continue reading LEGO String Winder Hints At Greater Possibilities
I am practicing some malware detection basics and it has caught my attention that the Cyrillic alphabet is not detected by practically any traditional string detection tool.
Source Code
while (strcmp(password, user_input) != 0)
{
p… Continue reading Floss and many tools not detecting cyrillic strings in binary
Suppose that we have this code (in TypeScript syntax):
function one(str: string): string {
// do something with the string
return str
}
function two() {
let s = getSomeString() // returns some unknown string that may contain surroga… Continue reading A runtime sometimes converts string arguments (or string returns) from WTF-16 to UTF-16 between functions in a call stack. Is this a security concern?
Go and Java have "compile time constants", and JavaScript will soon get a feature that allows "Distinguishing strings from a trusted developer from strings that may be attacker controlled" via isTemplateObject.
These al… Continue reading Attack on a string created by a developer
When parsing a string to a BigDecimal or BigInteger in Java, or BigInt in JavaScript, are there any known security issues around this? Like if you take in the string without validating it’s just numbers, is there any risk?
Are there any kn… Continue reading When parsing a string to a BigDecimal or BigInteger in Java, or BigInt in JavaScript, are there any known security issues around this?