RE: Rumours about Apache 1.3.22 exploits

From: Benjamin Morin (benjamin.morinat_private)
Date: Thu Mar 07 2002 - 09:36:39 PST

    > for whatever reason the list moderators don't let this thru.. or answer
    > my emails.. 
    > 
    > that really sucks.
    > 
    > http://iron.fi.st/phpxpl.c
    
    This exploit is an old one...
    
    diff -w -b -B www.hack.co.za/exploits/os/linux/slackware/7.0/phpxpl.c
    phpxpl.c 
    
    1,3c1
    < /* 
    <  * PHP 3.0.16/4.0.2 remote format overflow exploit.
    <  * Copyright (c) 2000 
    ---
    > /* PHP 3.0.16/4.0.2 remote format overflow exploit. 
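    Review bot: the only change in this hunk is the comment opener; the three-line header carrying the `Copyright (c) 2000` line is collapsed into the single line `/* PHP 3.0.16/4.0.2 remote format overflow exploit.`, so the copyright notice is dropped while the description is kept verbatim.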
    5,17c3
    <  * gneisenauat_private
    <  * my regards to sheib and darkx
    <  * All rights reserved
    <  * Pascal Boucheraine's paper was enlightening
    <  * THERE IS NO IMPLIED OR EXPRESS WARRANTY FOR THIS CODE. 
    <  * YOU ARE RESPONSIBLE FOR YOUR OWN ACTIONS AND I CANNOT BE HELD
    RESPONSIBLE
    <  * FOR THE CONSEQUENCES
    <  * Usage:
    <  * phpxpl -sx -uwww.victim.com/some.php3 | nc www.victim.com 80
    <  *
    <  * Slackware 7.0: eip address/shellcode address
    <  *                 0xbfff9b90/0xbfff958c
    <  *
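    Review bot: this hunk removes comment text only (the author handle and credits, the warranty disclaimer, the usage line, and the Slackware 7.0 eip/shellcode address note); the replacement side of `5,17c3` is cut off in the archive, but nothing shown on the removed side is executable code, which fits the point above that the circulating file is the 2000 exploit with its attribution stripped.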
    
    Benjamin Morin
    
    This archive was generated by hypermail 2b30 : Thu Mar 07 2002 - 21:17:25 PST