Re: lynx - someone is deaf and blind ;)

From: Steve VanDevender (stevevat_private)
Date: Wed Mar 08 2000 - 10:13:35 PST


Mariusz Woloszyn writes:
> It's true that lynx segfaults on long URLs, but exploiting it is (IMHO)
> impossible because lynx strips all nonprintable characters, thus smuggling a
> RET address is impossible. I have never heard about ASCII-only shellcode
> either :)
>
> I assume lynx bugs are unexploitable...

Don't bet on it.  For the x86, at least, it's not that hard to use only
the opcodes that are printable ASCII characters to write pretty much any
program you'd want; using self-modifying code you can generate the
opcodes that aren't in the printable ASCII set.  I've seen examples,
such as a printable-ASCII-only .COM file for bootstrapping a DOS Kermit
distribution.