Where can I find a demonstration of a buffer overflow?
Is there a site, or is there a simple way of setting up one, which demonstrates what can happen with a buffer overrun? This is in the context of a web app.
(I've already asked this, by the way, on ServerFault, just in case you think it would be better asked there)
Stack and heap buffer overflows are essentially caused by writing a lot of data into a region of memory that is too small to contain all of the data - causing the data to be written beyond the extent of the allocation and blatting whatever sits after it logically in memory. In the case of a stack-overflow this may be a return address for the function and in the case of the a heap overflow this may include virtual function pointers from other C++ objects on the heap. In either case, an attacker may be able to use the vulnerability to take control of the process when the overwritten function returns or the overwritten heap object is used.
WebApplications written in PHP, C#, VB, VB.NET, ASP.NET, Ruby-on-rails, server-side javascript and JSP are managed applications, and are not succeptable to memory corruption vulnerabilities such as stack buffer overflows or heap buffer overflows caused by bad web-application code. Buffer overflows tend to be the preserve of C/C++ applications, although other less common "native" languages such as Dephi and Fortran are also susceptible.
If you are a web-developer, the most important class of vulnerabilities that you need to look at are SQL-injections and problems caused by inappropriate include/eval/file-writes in the server code which might allow a string or file passed by a user to eventually be treated as code on the server. Unfortunately for web-developers, these types of attacks tend to be much more effective and are much easier to do than buffer-overflow attacks on native code, and consequently the impact of not fully understanding security as a web-developer can be much more painful than not understanding security as a native developer.