chris, you wrote : > I expect weird things from FTP, but this does not seem right. But I am > curious how you plan to inject code if the only way to get the seg. fault > is to enter a bare '~'? Kinda limits what you can get on the stack, no? i forgot to mention that it is also possible to build an exploit-package that looks like this : cwd ~?thenextfollowingtextdoesntmatterandcouldpossiblybeashellcode as you see i've just inserted another special character after the ~ i'll research this problem more intensive to proof if a shellcode can possibly being injected. cheers Johnny.Cyberpunkat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 11:01:12 PDT