|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: franciozzy
terra.com.brDate: Tue Jun 04 2002 - 19:09:48 CDT
Hi,
I was looking for papers on exploiting buffer overflows in CGI Scripts,
but just couldn't manage to find any.
I have several questions about:
* How apache or other webservers handles requests with binary data
(shellcode).
* How can someone issue a "Host:" tag after the "GET ... HTTP/1.0"
line, if the evil buffer will get apache to process the request.
* On the above topic, is there any tricks to code the shellcode in
order to avoid the webserver to do so?
Thanks for any information on it,
Franciozzy
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]