Friday 29 December 2017

security - Exploitable Java functions

This question is similar to Exploitable PHP Functions (https://stackoverflow.com/questions/3115559/exploitable-php-functions/3697776#3697776).



Tainted data comes from the user, or more specifically an attacker. When a tainted variable reaches a sink function, then you have a vulnerability. For instance a function that executes a SQL query is a sink, and GET/POST variables are sources of taint.




What are all of the sink functions in the Java class library (for any flavor of Java)? I am looking for functions that introduce a vulnerability or software weakness. I am particularly interested in Remote Code Execution vulnerabilities. Are there whole classes/libraries that contain nasty functionality that a hacker would like to influence? How do people accidentally make dangerous Java code?
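The source-to-sink model described in the question, as an added example that is not part of the original post: a small line-oriented taint check, written in Python, that scans Java source for request parameters flowing into a SQL execution call. It assumes `request.getParameter` as the only source and `executeQuery`/`executeUpdate` as the only sinks; the Java sample is constructed.

```python
import re

# Assumptions for this example: one source and two sinks, matching the
# question's own case (GET/POST variables reaching a SQL query).
SOURCES = ("request.getParameter(",)
SINKS = ("executeQuery(", "executeUpdate(")

STRING_LITERAL = re.compile(r'"(?:\\.|[^"\\])*"')
ASSIGN = re.compile(r"^\s*(?:[\w.<>\[\]]+\s+)?(\w+)\s*=(?!=)\s*(.+);\s*$")
IDENT = re.compile(r"[A-Za-z_]\w*")

def find_tainted_sinks(java_source):
    """Return (line, sink, tainted_name) for each tainted value reaching a sink."""
    tainted, findings = set(), []
    for lineno, line in enumerate(java_source.splitlines(), 1):
        # Blank out string literals so SQL text is not mistaken for identifiers.
        code = STRING_LITERAL.sub('""', line)
        m = ASSIGN.match(code)
        if m:
            target, expr = m.groups()
            if any(s in expr for s in SOURCES) or tainted & set(IDENT.findall(expr)):
                tainted.add(target)        # taint propagates through assignment
            else:
                tainted.discard(target)    # overwritten with untainted data
        for sink in SINKS:
            idx = code.find(sink)
            if idx == -1:
                continue
            args = code[idx + len(sink):]  # rest of the line after the sink's "("
            for name in IDENT.findall(args):
                if name in tainted:
                    findings.append((lineno, sink.rstrip("("), name))
            for source in SOURCES:
                if source in args:         # source used directly as an argument
                    findings.append((lineno, sink.rstrip("("), source.rstrip("(")))
    return findings

# Constructed Java sample: concatenated query (flagged) beside a
# parameterized PreparedStatement (not flagged).
SAMPLE = """\
String name = request.getParameter("name");
String query = "SELECT * FROM users WHERE name = '" + name + "'";
ResultSet rs = stmt.executeQuery(query);
PreparedStatement ps = conn.prepareStatement("SELECT * FROM users WHERE name = ?");
ps.setString(1, name);
ResultSet safe = ps.executeQuery();
"""

if __name__ == "__main__":
    for finding in find_tainted_sinks(SAMPLE):
        print(finding)
```

The check works one statement per line and does not follow method calls or fields, so it shows the idea rather than replacing a real static analyzer.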
