humm, i d like to add one last thing to this according to me much too long thread. (seems some writers ain't thinking about the cause) if you have a look at the pseudocode below, which i suspect mirabilis to use, you ll find thousands of ways to exploit icq. fread(my_socket,"%s %s %s", getword, url, httpversion); /// if you only feed two or one word, it 'dumps core', gpf under windoze change the slashes in url to backslashes; url = "c:\program files\icq\webroot_dir\" + url; /// yes, this is the '../../../../' bug ... open(fd,url); read(fd,buffer); write(socket,buffer); close(socket); i think its this because i made small webserver earlier to see common bugs. i checked on the net, and the dynamic server of francois piete (known for delphi components) and various shareware servers, or remote admin modules for eg. proxy servers are vulnerable. greetz, kervel (kervelat_private)
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:05 PDT