|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: huw trippz (trippz_au
hotmail.com)Date: Tue Sep 11 2001 - 05:23:58 CDT
hi,
i was looking at the mod_gzip src and found a sprintf that prints the
process id and tid onto a var HOST. if you could find a way of changing, or
spoofing these id's, and since they are strings, you could easily overwrite
HOST with shellcode if you could spoof the pid or tid. This is probably a
non-exploit, but anyone with the urge to make themselves look great and get
a local nobody shell is welcome to try.
"doot"
ohh and i support antisec :)
_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]