Exploiting Buffer Overflows in CGI Scripts

From: franciozzyat_private
Date: Tue Jun 04 2002 - 17:09:48 PDT

Next message: Vladimir P: "Re: Exploiting Buffer Overflows in CGI Scripts"

Previous message: zillion: "SRT Security Advisory (SRT2002-06-04-1711): SCO crontab"
Next in thread: Vladimir P: "Re: Exploiting Buffer Overflows in CGI Scripts"
Reply: Vladimir P: "Re: Exploiting Buffer Overflows in CGI Scripts"
Reply: b0iler _: "Re: Exploiting Buffer Overflows in CGI Scripts"
Reply: Stuart Adamson: "RE: Exploiting Buffer Overflows in CGI Scripts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I was looking for papers on exploiting buffer overflows in CGI Scripts,
but just couldn't manage to find any.

I have several questions about:
* How apache or other webservers handles requests with binary data
  (shellcode).
* How can someone issue a "Host:" tag after the "GET ... HTTP/1.0"
  line, if the evil buffer will get apache to process the request.
* On the above topic, is there any tricks to code the shellcode in
  order to avoid the webserver to do so?

Thanks for any information on it,
Franciozzy

Next message: Vladimir P: "Re: Exploiting Buffer Overflows in CGI Scripts"
Previous message: zillion: "SRT Security Advisory (SRT2002-06-04-1711): SCO crontab"
Next in thread: Vladimir P: "Re: Exploiting Buffer Overflows in CGI Scripts"
Reply: Vladimir P: "Re: Exploiting Buffer Overflows in CGI Scripts"
Reply: b0iler _: "Re: Exploiting Buffer Overflows in CGI Scripts"
Reply: Stuart Adamson: "RE: Exploiting Buffer Overflows in CGI Scripts"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 04 2002 - 17:25:11 PDT