> for whatever reason the list moderators dont let this thru.. or answer > my emails.. > > that really sucks. > > http://iron.fi.st/phpxpl.c This exploit is an old one... diff -w -b -B www.hack.co.za/exploits/os/linux/slackware/7.0/phpxpl.c phpxpl.c 1,3c1 < /* < * PHP 3.0.16/4.0.2 remote format overflow exploit. < * Copyright (c) 2000 --- > /* PHP 3.0.16/4.0.2 remote format overflow exploit. 5,17c3 < * gneisenauat_private < * my regards to sheib and darkx < * All rights reserved < * Pascal Boucheraine's paper was enlightening < * THERE IS NO IMPLIED OR EXPRESS WARRANTY FOR THIS CODE. < * YOU ARE RESPONSIBLE FOR YOUR OWN ACTIONS AND I CANNOT BE HELD RESPONSIBLE < * FOR THE CONSEQUENCES < * Usage: < * phpxpl -sx -uwww.victim.com/some.php3 | nc www.victim.com 80 < * < * Slackware 7.0: eip address/shellcode address < * 0xbfff9b90/0xbfff958c < * Benjamin Morin
This archive was generated by hypermail 2b30 : Thu Mar 07 2002 - 21:17:25 PST