Re: Format String Exploits

From: Larry W. Cashdollar (lwcat_private)
Date: Thu Apr 12 2001 - 10:46:22 PDT


    I guess what I should have stated is that all of the perl scripts I have
    run into (web-cgi, process automation) used print instead of
    printf. I guess exploitability falls on the programmer's preference.
    
    On Wed, 11 Apr 2001, Adam Prato wrote:
    
    > Unfortunately, this is comparing apples and oranges. Try this instead:
    >
    > {shelly:~} perl -e '$buf=sprintf($ARGV[0]); print "$buf\n";' "%% %c %s %d %u %o
    > %x %e %f %g %X %E %G %b %p %n %i %D %U %O %F"
    > %   0 0 0 0 0.000000e+00 0.000000 0 0 0.000000E+00 0 0 0  0 0 0 0 0.000000
    >
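
The thread turns on whether a Perl script passes outside data to print or as the format of printf/sprintf. The following is an added example, not code from either poster: a line-based audit that flags printf/sprintf calls whose format argument is not a constant string. The function names and the Perl sample lines are constructed for illustration, and the check is a heuristic (it does not parse Perl and only recognises uppercase bareword filehandles).

```python
import re

# printf/sprintf, optional "(", optional bareword filehandle (e.g. STDERR),
# then whatever starts the format argument.
CALL = re.compile(r'\b(?P<fn>s?printf)\b\s*\(?\s*'
                  r'(?:[A-Z][A-Z0-9_]*\s+(?=\S))?(?P<rest>.*)')
SINGLE = re.compile(r"'(?:[^'\\]|\\.)*'")            # Perl does not interpolate here
DOUBLE = re.compile(r'"(?P<body>(?:[^"\\]|\\.)*)"')  # Perl interpolates $var / @var
INTERP = re.compile(r'(?<!\\)[$@][\w{]')             # unescaped sigil inside "..."

def classify(rest):
    """Return a reason string if the format argument is risky, else None."""
    if SINGLE.match(rest):
        return None
    m = DOUBLE.match(rest)
    if m:
        if INTERP.search(m.group('body')):
            return 'variable interpolated into format'
        return None
    return 'format is not a string literal'

def audit(source):
    """Yield (line number, function, reason) for each suspicious call."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith('#'):            # skip whole-line comments
            continue
        m = CALL.search(line)
        if m:
            reason = classify(m.group('rest'))
            if reason:
                findings.append((lineno, m.group('fn'), reason))
    return findings

# Constructed sample input: a small CGI-style Perl script.
SAMPLE = r'''#!/usr/bin/perl
my $name = $ENV{QUERY_STRING};
print "Hello $name\n";
printf("Hello %s\n", $name);
printf($name);
my $buf = sprintf($ARGV[0]);
printf STDERR "user=$name code=%d\n", $code;
printf('%s', $name);
'''

if __name__ == '__main__':
    for lineno, fn, reason in audit(SAMPLE):
        print(f'line {lineno}: {fn}: {reason}')
```

Flagged calls are fixed by making the format a constant and passing the data as an argument, as in `printf('%s', $name)`, or by using print.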
    


