Note: I DID NOT WRITE THIS! I FOUND IT ON REDDIT. Original: http://tiny.cc/ELI5
Quite an outstanding explanation that is very simple to understand.
Imagine a choose-your-own-adventure book (i.e. "If you choose to go left, turn to page 10. If you go right, turn to page 20"). You have sneakily inserted a page 30 which tells the reader to give you all your money.
At the start of the book there is a blank page where the reader can make notes. That's your buffer. If you write in a bunch of text on that page, and the reader is too dumb to notice it's happened, you could make your text overflow onto page one, and overwrite the text already there.
So now, page one says "If you choose to go left, turn to page 30. If you choose to go right, turn to page 30".
So the reader turns to page 30, and follows the instruction to give you all their money. You have overflowed the buffer to make the reader go to a page of your choosing rather than the legitimate pages.
The book is your program, the blank page is the buffer, and page 30 is the malicious code. The text you dumped onto the blank page is your exploit code.
Please add on to this explanation if you can; I am interested in hearing other ways of understanding this concept.
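The analogy above as a small C model, added here as an example and not part of the original post: one array holds the notes page followed by the two page numbers on page one, and the same oversized text is written once without a length check and once with one. All names and the 16-byte notes size are assumptions made for the illustration, and the spill is kept inside a single array so the program stays well-defined.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: one array holds the notes page and, right after it,
   the two page numbers printed on page one. */
enum { NOTES_LEN = 16, LEFT = NOTES_LEN, RIGHT = NOTES_LEN + 1,
       BOOK_LEN = NOTES_LEN + 2 };

static void book_init(unsigned char *book) {
    memset(book, 0, BOOK_LEN);
    book[LEFT] = 10;   /* "go left, turn to page 10" */
    book[RIGHT] = 20;  /* "go right, turn to page 20" */
}

/* The inattentive reader: copies the text without checking that it fits. */
static void notes_unchecked(unsigned char *book, const unsigned char *t, size_t n) {
    memcpy(book, t, n);            /* n > NOTES_LEN spills onto page one */
}

/* The attentive reader: rejects anything longer than the notes page. */
static int notes_checked(unsigned char *book, const unsigned char *t, size_t n) {
    if (n > NOTES_LEN) return -1;
    memcpy(book, t, n);
    return 0;
}

/* Writes the oversized text and returns the page a "go left" reader lands on. */
static int left_page_after(int checked) {
    unsigned char book[BOOK_LEN], text[BOOK_LEN];
    memset(text, 'A', NOTES_LEN);          /* filler that covers the notes page */
    text[LEFT] = 30; text[RIGHT] = 30;     /* the part that lands on page one */
    book_init(book);
    if (checked) (void)notes_checked(book, text, sizeof text);
    else notes_unchecked(book, text, sizeof text);
    return book[LEFT];
}

int main(void) {
    printf("unchecked: go left -> page %d\n", left_page_after(0));
    printf("checked:   go left -> page %d\n", left_page_after(1));
    return 0;
}
```

The only difference between the two writers is the length comparison before the copy; with it, page one still points to page 10.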
