Name: Anonymous 2012-04-11 8:47
i need to hack a strcmp to go in the if and pass a command in the system. The program is a server when i lunch the server i lunch a client normaly with a command using "handlerBuyIngredient" i can pass a line like ";reboot" with it and being use by the system under the if but i don't know how to hack the if with the strcmp cause i cn't overflow the strcmp.
normaly with the system i can send some comand to other person who are conected with the same port to the server.
static int
handlerBuyIngredient(void *packetPtr, size_t packetSize)
{
int i;
char *ingredientName;
int amount;
char log[128];
char *password = NULL;
password = getStr(&packetPtr, &packetSize);
if (checkPassword(password) == ADMIN) {
ingredientName = getStr(&packetPtr, &packetSize);
amount = getNumber(&packetPtr, &packetSize);for (i = 0; stock[i].name != NULL; ++i) {
if (!strcmp(ingredientName, stock[i].name)) {
puts("PASS");
money -= 2 * amount;
stock[i].quantity += amount;
sendLogMessage(INGREDIENT_BOUGHT);
sprintf(log, "echo \"%s was bought\" >> log", ingredientName);
free(ingredientName);
system(log);
return amount;
}
}
sendLogMessage(UNKNOWN_INGREDIENT);
}
return -1;
}
normaly with the system i can send some comand to other person who are conected with the same port to the server.
static int
handlerBuyIngredient(void *packetPtr, size_t packetSize)
{
int i;
char *ingredientName;
int amount;
char log[128];
char *password = NULL;
password = getStr(&packetPtr, &packetSize);
if (checkPassword(password) == ADMIN) {
ingredientName = getStr(&packetPtr, &packetSize);
amount = getNumber(&packetPtr, &packetSize);for (i = 0; stock[i].name != NULL; ++i) {
if (!strcmp(ingredientName, stock[i].name)) {
puts("PASS");
money -= 2 * amount;
stock[i].quantity += amount;
sendLogMessage(INGREDIENT_BOUGHT);
sprintf(log, "echo \"%s was bought\" >> log", ingredientName);
free(ingredientName);
system(log);
return amount;
}
}
sendLogMessage(UNKNOWN_INGREDIENT);
}
return -1;
}