NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 2002-q1

From: Benjamin Morin (benjamin.morinrd.francetelecom.com)
Date: Thu Mar 07 2002 - 11:36:39 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> for whatever reason the list moderators dont let this thru.. or answer
> my emails..
>
> that really sucks.
>
> http://iron.fi.st/phpxpl.c

This exploit is an old one...

diff -w -b -B www.hack.co.za/exploits/os/linux/slackware/7.0/phpxpl.c
phpxpl.c

1,3c1
< /*
< * PHP 3.0.16/4.0.2 remote format overflow exploit.
< * Copyright (c) 2000

---
> /* PHP 3.0.16/4.0.2 remote format overflow exploit. 
5,17c3
<  * gneisenauberlin.com
<  * my regards to sheib and darkx
<  * All rights reserved
<  * Pascal Boucheraine's paper was enlightening
<  * THERE IS NO IMPLIED OR EXPRESS WARRANTY FOR THIS CODE. 
<  * YOU ARE RESPONSIBLE FOR YOUR OWN ACTIONS AND I CANNOT BE HELD
RESPONSIBLE
<  * FOR THE CONSEQUENCES
<  * Usage:
<  * phpxpl -sx -uwww.victim.com/some.php3 | nc www.victim.com 80
<  *
<  * Slackware 7.0: eip address/shellcode address
<  *                 0xbfff9b90/0xbfff958c
<  *
Benjamin Morin

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]