Exploiting Buffer Overflows in CGI Scripts

From: franciozzyat_private
Date: Tue Jun 04 2002 - 17:09:48 PDT

  • Next message: Vladimir P: "Re: Exploiting Buffer Overflows in CGI Scripts"

    Hi,
    
    I was looking for papers on exploiting buffer overflows in CGI Scripts,
    but just couldn't manage to find any.
    
    I have several questions about:
    * How apache or other webservers handles requests with binary data
      (shellcode).
    * How can someone issue a "Host:" tag after the "GET ... HTTP/1.0"
      line, if the evil buffer will get apache to process the request.
    * On the above topic, is there any tricks to code the shellcode in
      order to avoid the webserver to do so?
    
    Thanks for any information on it,
    Franciozzy
    



    This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 17:25:11 PDT