Hi, I was looking for papers on exploiting buffer overflows in CGI Scripts, but just couldn't manage to find any. I have several questions about: * How apache or other webservers handles requests with binary data (shellcode). * How can someone issue a "Host:" tag after the "GET ... HTTP/1.0" line, if the evil buffer will get apache to process the request. * On the above topic, is there any tricks to code the shellcode in order to avoid the webserver to do so? Thanks for any information on it, Franciozzy
This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 17:25:11 PDT