A collection of proof-of-concept exploitable applications in C#
An application that connects to a MySQL database and checks whether the username and password supplied by the user are valid. It can be exploited by essentially any injection vector. This is due to a lack of input sanitization.
Demonstrates the rare case where a C# application is vulnerable to a buffer overflow. A couple of conditions must be met in order to perform a buffer overflow. This is due to the CLR's garbage collection! It is well known that C# creates space on the heap instead of the stack. In order to force the CLR to create the variable on the stack, stackalloc must be used in the variable's definition. Because this is considered unsafe, you must first allow unsafe code in the project settings. The method must also be declared with the unsafe keyword.
Before entering the loop, the memory location of the variable "number" is displayed...
After running through the loop a single time, the memory looks like.
Running through a second time displays a memory profile of
Note that the end of allocated memory has been reached. Any further addition will overrun the stack and cause a segmentation fault.
Because of the particular conditions that must be met for this to happen, it is not practical and is extremely rare in the wild.
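The bounds-checked alternative to the pointer-based stackalloc buffer described above, as an added example that is not code from this repository. The class name, method names and the Capacity value are assumptions made for illustration, and Span<T> requires C# 7.2 or later with .NET Core 2.1+ (or the System.Memory package).

```csharp
// Added example, not code from this repository. Build with unsafe code allowed
// (<AllowUnsafeBlocks>true</AllowUnsafeBlocks>) because of FillWithPointer.
using System;

static class StackBufferDemo
{
    const int Capacity = 2; // constructed size, chosen for illustration

    // Pointer form: the CLR performs no bounds check on number[i], so the
    // explicit guard below is the only thing keeping writes inside the buffer.
    static unsafe int FillWithPointer(int attempts)
    {
        int* number = stackalloc int[Capacity];
        int written = 0;
        for (int i = 0; i < attempts; i++)
        {
            if (i >= Capacity) break; // manual check the developer must supply
            number[i] = i + 1;
            written++;
        }
        return written;
    }

    // Span form: same stack allocation, no unsafe context, and the indexer
    // throws instead of writing past the end of the buffer.
    static int FillWithSpan(int attempts)
    {
        Span<int> number = stackalloc int[Capacity];
        int written = 0;
        try
        {
            for (int i = 0; i < attempts; i++)
            {
                number[i] = i + 1;
                written++;
            }
        }
        catch (IndexOutOfRangeException)
        {
            Console.WriteLine($"Span rejected write at index {written}");
        }
        return written;
    }

    static void Main()
    {
        Console.WriteLine(FillWithPointer(5));
        Console.WriteLine(FillWithSpan(5));
    }
}
```

Code review can treat any `T*` local assigned from stackalloc as a finding and ask for the Span<T> form, which removes the need for the unsafe project setting altogether.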