Buffer overflow is one of the methods used by hackers to exploit a computer systemthat has a weakness in an application that is used by the system. An application canbe buffer-overflow because the application does not have good data control and usually is not realized by the creator of the program. Then how a hacker can gainaccess rights to the system only by exploiting the weaknesses of an existingapplication on the target computer system? Of course this is closely related to theauthority (read: access) which is owned by the application.
So that you canunderstand and see the real impact and effect of this buffer overflow, here will be implemented this method buffer overflow in C / C + +, which until now is still the most widely used language in the creation of applications for Linux and Unix.
The understanding itself is a buffer overflow condition in which the buffer (the variablethat is in use an application to store its data in memory) filled with data whose sizeexceeds its own capacity and the consequent advantages of data that will fill the memory address of another variable that does not belong or in this case in call tooverwrite. Its implementation in C / C + + like this:
Code: input.c
#include < stdio.h >
void duplikasi(char *st) {
char buf[30];
strcpy(buf, st);
printf("Anda telah memasukan data ke variabel buf
dengan:\n%s\n", buf);
return;
}
int main () {
char msg[100];
printf("Masukan karakter, kemudian tekan enter: ");
gets(msg);
duplikasi(msg);
return 0;
}
From the above code the variable msg duplicated to a variable buf which has a capacity of 30 characters.
