
Full Disclosure mailing list archives

[argv] sockz loves file exploit exploit
From: "ARGV" <argv () hushmail com>
Date: Sun, 9 Mar 2003 02:14:53 -0800


-----BEGIN PGP SIGNED MESSAGE-----


1. Topic:
        sockz loves file exploit exploit

2. Relevant versions:
        Vulnerable: ALL!

        Not Vulnerable:  NONE!

3. Problem description:
        The problem is rooted in script kiddies who write exploits for
        someone else's bad code, yet can't keep exploitable bugs out of their
        own 20-line code.  PRAISE THE OMNIPOTENT BLACKHAT!!!!

        We believe the problem comes from line 22, where is found
        the obfuscated comment:

        // I don't really know how to code, i just rip code and paste in
        // different string thingies

        We believe the above information to be correct, but we will need to
        perform a more thorough analysis of this incredibly complex piece
        of software.

        http://marc.theaimsgroup.com/?l=bugtraq&m=104696992100353&q=p3

        if(!argv[1]) usage(argv[0]);
        ^ null pointer dereference

        sprintf(tmp,"echo>%s",evilfile);
        ^ no bounds checking!! exploit!!
        system(tmp);
        ^ no sanity checks!! evilfile = "blahblah | rm -rf /"
        fd=open(evilfile,O_WRONLY);
        ^ whoa, what if it can't be opened?

        elfhdr.e_type=1; //type should by NOT ET_CORE (4) & NOT ET_EXEC (2)
                                        ^ typo

4. Workaround:
        Read your "C in 24 hours" again, oh elite h4x0r
        Rinse
        Repeat
        Enlighten us yet again with your incredible works of art

5. References:
        GREETZ TO SOCKZ FOR THIS EXPLOIT!! WE LOVE YOUR INCESSANT RAMBLINGS,
        AND LOOK FORWARD TO MANY MORE!!

6. Contact:
        argv () hushmail com


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.2 (Java)
Note: This signature can be verified at https://www.hushtools.com/verify

wlkEARECABkFAj5rEdkSHGFyZ3ZAaHVzaG1haWwuY29tAAoJEO/BXrpp9BkprUQAn0c3
pGeVtgwcn49eAOBOi2b2zJUQAKCz9as95fDQrLJ2YOR5T1U5wse7OA==
=G+4G
-----END PGP SIGNATURE-----




_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
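
Added example, not part of ARGV's message or of the code it quotes: the flagged calls rewritten defensively, with a bounded format, no shell, and a checked open(). The function names, the 32-byte buffer and the 0600 mode are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Bounded form of sprintf(tmp, "echo>%s", evilfile).
 * Returns 0 on success, -1 if the string would be truncated. */
int build_cmd(char *dst, size_t dstlen, const char *path)
{
    int n = snprintf(dst, dstlen, "echo>%s", path);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

/* Shell-free replacement for system("echo>FILE") followed by open():
 * create or truncate the file directly, so shell metacharacters in the
 * name are only bytes in a file name (the newline echo would write is
 * omitted). Returns an fd, or -1 with errno set. */
int open_target(const char *path)
{
    if (path == NULL || *path == '\0') {
        errno = EINVAL;
        return -1;
    }
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

int main(int argc, char **argv)
{
    char tmp[32];   /* constructed size, not taken from the quoted code */

    if (argc < 2) {                     /* test argc before using argv[1] */
        fprintf(stderr, "usage: %s <file>\n", argv[0] ? argv[0] : "prog");
        return 2;
    }
    /* Shown for contrast only: tmp is never handed to system(). */
    if (build_cmd(tmp, sizeof tmp, argv[1]) != 0)
        fprintf(stderr, "name too long for a %zu-byte buffer\n", sizeof tmp);

    int fd = open_target(argv[1]);
    if (fd < 0) {                       /* handle "what if it can't be opened?" */
        fprintf(stderr, "open %s: %s\n", argv[1], strerror(errno));
        return 1;
    }
    close(fd);
    return 0;
}
```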

