mailing list archives
[argv] sockz loves file exploit exploit
From: "ARGV" <argv () hushmail com>
Date: Sun, 9 Mar 2003 02:14:53 -0800
-----BEGIN PGP SIGNED MESSAGE-----
sockz loves file exploit exploit
2. Relevant versions:
Not Vulnerable: NONE!
3. Problem description:
The problem is rooted in script kiddies writing exploits for
someone else's bad code, yet can't keep exploitable bugs out of their
own 20 line code. PRAISE THE OMNIPOTENT BLACKHAT!!!!
We believe the problem comes from line 22, where is found
the obfuscated comment:
// I don't really know how to code, i just rip code and paste in
// different string thingies
We believe the above information to be correct, but we will need to
perform a more thorough analysis of this incredibly complex piece
^ null pointer dereference
^ no bounds checking!! exploit!!
^ no sanity checks!! evilfile = "blahblah | rm -rf /"
^ whoa, what if it can't be opened?
elfhdr.e_type=1; //type should by NOT ET_CORE (4) & NOT ET_EXEC (2)
Read your "C in 24 hours" again, oh elite h4x0r
Enlighten us yet again with your incredible works of art
GREETZ TO SOCKZ FOR THIS EXPLOIT!! WE LOVE YOUR INCESSANT RAMBLINGS,
AND LOOK FORWARD TO MANY MORE!!
argv () hushmail com
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify
-----END PGP SIGNATURE-----
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Big $$$ to be made with the HushMail Affiliate Program:
Full-Disclosure - We believe in it.
- [argv] sockz loves file exploit exploit ARGV (Mar 09)