Jump to content

Code injection


trung0407
 Share

Recommended Posts

You can inject simple code into an autoit program. For example:

Global $var, $var2=5
$var = InputBox("","")
Execute($var)

So at the inputbox, if I type: MsgBox(0,"title", $var2)

then type ok, i'll have a msgbox and show the value of $var2, which is 5.

This is a way to hack a program if you know the name of any variables used.

Example 2

Global $var, $var2=5
$var = InputBox("","")
Execute($var)
MsgBox(0, "",$var2)

Now, normally, at the end, this script will show a msgbox with the value of $var2, which is 5.

But if I enter in the inputbox this: Assign("var2", 10)

then my final result of $var2 is 10

Link to comment
Share on other sites

#include <String.au3>
MsgBox(0 , "Hello " & @UserName, "You can inject simple code into an autoit program.")

$Input = InputBox("0 Rly" , "Test" , "Hello " & @UserName & " Sending Code to be injected!")
MsgBox(16 , @IPAddress1 , $Input)

ConsoleWrite(_StringEncrypt(0 , "16D1C1FDE51B4B3A511EB53FA6E1A5A781950D0E05A3948D4E23A3E755B5A81F0E0769AD6F08AFD75AF1C41137F61D2D4061C715D6F17C199BF6882B949DED57E70F1EC6927915A97FEF7AD53022A668CFF4724F69CBA5D1719F9D0B54DDD0C608697571447F72BFABC37CF4D84F215B89D93434B1BF067AD97A0E6C2DA966CBA3A454AC3FBD55200A52A08CC5992AEE366309445DF6DD43DC719170FBF0749035AE3518028F" , "Love"))

:) I am going to bed now...

I am only joking

4chan got the best of me tonight

Edited by SkellySoul
Link to comment
Share on other sites

  • Developers

I show you this to let you know the security hole of the function Execute. Not trying to encourage hack or anything :)

There is not security a hole in Execute, since its by design done by the programmer coding the script.

This is not code injection in the true sense, but flexibility allowed by the programmer of the script.

Jos :)

Edited by Jos

SciTE4AutoIt3 Full installer Download page   - Beta files       Read before posting     How to post scriptsource   Forum etiquette  Forum Rules 
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...