IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New How would this be exploited?
It sounds like bidi control characters are a special case, in that it's the only control character allowed in comments. What am I missing?
--

Drew
New If a GUI honors it but the compiler does not
then the human sees one thing, the compiler another. If the compiler drops the control characters without warning, that can become a problem. e.g. it could be used to make you see 0x0F where the compiler sees 0xF0.

How feasibly any of this is is another matter. The example above is not very practical unless it hits a project that still uses literals for critical fields.
New That sounds like the edgiest of edge cases
Not saying it's impossible to exploit, but just about any other method must be easier.
--

Drew
New Pretty much. The more likely target is e-mail (URLs, attachment names, ...)
New "What are you missing?", you ask.
The endless ingenuity of the evildoers to exploit anything in ways you didn't even consider possible, that's what.
     Krebs on "Trojan Source" - (Another Scott) - (6)
         How would this be exploited? - (drook) - (4)
             If a GUI honors it but the compiler does not - (scoenye) - (2)
                 That sounds like the edgiest of edge cases - (drook) - (1)
                     Pretty much. The more likely target is e-mail (URLs, attachment names, ...) -NT - (scoenye)
             "What are you missing?", you ask. - (pwhysall)
         Not quite new - (scoenye)

No, I am your father.
60 ms