Uninformed: Informative Information for the Uninformed

Vol 9 » 2008.Jan

Supplied Data

Similar to Event Data, an attacker may also be able to supply key data to the memory space of the target application prior to exploitation, for later use. Consider a caching HTTP proxy that keeps recently requested resources in memory for a period of time before flushing them to disk for longer-term storage. An attacker who is aware of this behavior may be able to cause the proxy to retrieve a malicious web resource that contains a wealth of usable context-key data. Even if the attacker cannot predict where in memory the data may be stored, control over the data being stored means that other exploitation techniques, such as egg hunting[14, 9][15], may be used by a decoder stub to locate and retrieve context-key information when its exact location is unknown.