Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
CYB2200-L7L8
Metacharacters
| Question | Answer |
|---|---|
| what are the Security vulnerabilities related to processing textual data formats contained in strings | • C string handling • Metacharacters |
| Metadata | accompanies the main data and represents additional information about it |
| In-band representation | embeds metadata in the data itself, using special characters called metacharacters |
| metacharacters | • NUL terminator in a C-style string • end-of-line character is used for displaying textual strings • A slash (/) and dot (.) metacharacters in a filename with path (../etc/passwd-2) • @ metacharacter in an email address |
| Out-of-band representation | keeps metadata separate from data and associates the two through some external mechanism. |
| example of out of band representation | Strings in C++, string length is stored in an out-of-band variable |
| metadata representations | In-band representation out of band representation |
| what are the problems with using metacharacters | • Embedded delimiters • Truncation bug |
| what are the common metacharacter formats | • Path metacharacters • C format strings • Shell metacharacters • SQL queries |
| how does metacharacter filter work | • Eliminating metacharacters • Metacharacter evasion |
| Delimiters are used to denote | the termination of a field |
| one of the most overlooked areas in format string handling. | Truncation bugs |
| when does one of the most common cases of metacharacter vulnerabilities occur | when handling textual representations of path hierarchies |
| what is a textual representation of a path hierarchy used for | access files on a file system |
| example of a textual representation of a path hierarchy | /home/Alice/Documents/Homework/report3.doc |
| how do many systems organize objects and how can that be represented | Many systems organize objects into some sort of hierarchy that can be represented textually |
| what is the file system delimiter in unix | a forward slash (/) character |
| what is the file system delimiter in windows | a backslash (\) character |
| what does each file in a file system have | has a basic string representation that uniquely identifies its location |
| what does the basic string representation that uniquely identifies its location for a file typically consists of | a device name (optionally), followed by an absolute path |
| example of a file in string representation for calc.exe | C:\WINDOWS\system32\calc.exe |
| what does the basic string representation of a file represent? | uniquely identifies its location (maybe with a device name) |
| Other examples of a file in string representation for calc.exe file | C:\WINDOWS\system32\drivers\..\calc.exe calc.exe .\calc.exe ..\calc.exe |
| cd .. -- | parent of the current location |
| cd ../.. -- | grandparent of the current location |
| what is dot dot slash ("../") | Also known as “directory traversal” |
| directory traversal | his is when attackers use the term “../” to access files that are on the target web server but not meant to be accessed from outside |
| how is the directory traversal most commonly entered | Most commonly entered into the URL bar |
| can directory traversal be combined with other attacks | may also be combined with other attacks |
| what is a common attack that directory traversal is combined with | XSS (cross site scripting?) |
Created by:
user-1830624