On Thu 7. March 2002 16:57, H D Moore wrote:
> On Thursday 07 March 2002 09:30 am, HypH wrote:
> > On Thu 7. March 2002 15:18, H D Moore wrote:
> > > YES. wu-ftpd will call compress with the file name as an argument if
> > > you request the file name ending in .Z. You have to be able to write
> > > out a file name containing the shell code to exploit the bug.
> >
> > The problem is that the file has to be 1100 chars long, with the
> > shellcode within. But wu-ftpd doesn't allow/handle such long filenames.
>
> Hmm.. What about splitting the shellcode into different directories and then
> requesting the full path to the file (directories and all) ending in .Z?

Even if you create some dirs you can't send a command string that is longer
than 200 chars, and so you can't get /SOME/DIRS/1100/CHRS/LONG/foo.Z

Any other ideas..?? :-))

--
+-+-+-+-+-+-+-+-+-+-+-+
Were All Born Original
Most Die As Copies
+-+-+-+-+-+-+-+-+-+-+-+
This archive was generated by hypermail 2b30 : Sat Mar 09 2002 - 10:43:15 PST