Ask for one student volunteer to act as the "processor".
Lay out some post-its in a straight path, then lay out differently colored post-its in a loop that departs from the middle of the straight path and returns to the same spot it left from. The straight path represents the main program of an application; the loop represents a subroutine (a function) in the code. Number each post-it in its corner.
The processor should follow the post-its, depart into the loop, and return to the main path.
Now disconnect the loop from the main program and turn it into a parallel path beside the main program. Write the number of the subroutine's first post-it in the center of the main-program post-it where the loop used to branch out. Write the number of the post-it just after the branch in the center of the post-it at the end of the subroutine (this is the return address).
The processor should follow the post-its in line, except when a post-it has a number in its center: then the processor should jump to the post-it with that number.
Now designate a few post-its at the end of the subroutine, just before the return-address post-it, to hold some user input, for example the username a user has typed into a text box on a Web page. Each post-it can hold one character, a letter or a digit.
Invite students to provide a short input and write it onto the post-its. Ask the processor to run again. This should work as normal.
Invite students to provide a long input that does not fit onto the input post-its. It should overwrite the return address at the end of the subroutine. Ask the processor to run again. This should send the processor to some unknown place when it reaches the end of the subroutine.
Discuss where an attacker might want the processor to go and why. Discuss how one could prevent this kind of attack.
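The same exercise as a small simulation in C, an added example that is not part of the lesson plan: the post-its are cells in an array, the "processor" walks them exactly as the student does, and an unchecked copy of a long input covers the return number while a bounds-checked copy leaves it intact. The cell layout (12 cells, subroutine at cell 6, 4 input cells, return number at cell 10) and the sample inputs are constructed for this illustration.

```c
#include <string.h>
/* Constructed model of the post-it exercise (an added example, not part of the lesson).
 * One post-it = one cell: the letter on it (user input) and the number in its centre. */
#define NCELLS      12
#define SUB_START    6   /* first post-it of the subroutine (the loop) */
#define INPUT_CELLS  4   /* post-its set aside for the user's input */
#define RET_CELL    (SUB_START + INPUT_CELLS) /* holds the return number */
#define HALT_CELL    5   /* last post-it of the main path */
#define LOST        -1   /* the processor walked off the post-its */

struct cell { char letter; int jump; };   /* jump == 0: no number in the centre */
static void lay_out(struct cell mem[NCELLS]) {
    memset(mem, 0, sizeof(struct cell) * NCELLS);
    mem[1].jump = SUB_START;   /* main path branches into the subroutine... */
    mem[RET_CELL].jump = 2;    /* ...which returns to the cell after the branch */
}

/* Unchecked copy (the long-input step): every character is written, even past the
 * input post-its. A letter written on a post-it covers the number in its centre. */
static void store_unchecked(struct cell mem[NCELLS], const char *input) {
    for (size_t i = 0; input[i] != '\0' && SUB_START + i < NCELLS; i++) {
        mem[SUB_START + i].letter = input[i];
        mem[SUB_START + i].jump = 0;
    }
}

/* Checked copy: stop at the last input post-it, so the return number survives. */
static void store_checked(struct cell mem[NCELLS], const char *input) {
    for (size_t i = 0; input[i] != '\0' && i < INPUT_CELLS; i++)
        mem[SUB_START + i].letter = input[i];
}

/* The processor: follow the post-its in line, jump when one has a number.
 * Returns the cell it halted on, or LOST if it ran off the path. */
static int run(const struct cell mem[NCELLS]) {
    int pc = 0, steps = 0;
    while (pc >= 0 && pc < NCELLS && steps++ < 4 * NCELLS) { /* cap: no endless walk */
        if (pc == HALT_CELL) return pc;
        pc = mem[pc].jump ? mem[pc].jump : pc + 1;
    }
    return LOST;
}

/* Lay out the post-its, store one input, run the processor once. */
static int simulate(const char *input, int checked) {
    struct cell mem[NCELLS];
    lay_out(mem);
    if (checked) store_checked(mem, input); else store_unchecked(mem, input);
    return run(mem);   /* "bob": 5; "bobby_tables" unchecked: -1; checked: 5 */
}
```

An input of exactly four characters still returns normally; the fifth character is the one that lands on the return-address post-it.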