big-list-of-naughty-strings icon indicating copy to clipboard operation
big-list-of-naughty-strings copied to clipboard

Published 20 hours ago verified publisher icon minimaxir

%x.%x.%x.%x and BMWs

Open nelsonjchen opened this issue 6 years ago • 2 comments

https://twitter.com/Obzy/status/864704956116254720

https://t.co/6m6Qw3UvWN

There's %s 's in the corpus but no %x's

nelsonjchen avatar Jul 16 '19 16:07 nelsonjchen

Mazdas also have format-string vulnerabilities.

https://99percentinvisible.org/episode/the-roman-mars-mazda-virus/#comment-133054 https://www.reddit.com/r/gimlet/comments/bdxht4/hey_its_ben_from_the_reply_all_episode_140_i_have/

Their format string is %In. %n is already in the BLNS, but that format string specifier will accept length modifiers. %zn has been verified as well.

How many different combinations of strings like this does this list seek to include? All of them, or just a subset?

adminspotter avatar Jul 17 '19 15:07 adminspotter

That's captured in #197. I was hesitant about putting this one in but there's a CVE assigned: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9212 .

nelsonjchen avatar Jul 17 '19 15:07 nelsonjchen