Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

fabios ultra vulnerability extravaganza
From: <fabiodancedjsupreme () hushmail com>
Date: Sun, 18 Mar 2007 00:45:35 +0100

fabios ultra vulnerability extravaganza

[wireshark buffer over flow]
sscanf (data,
        "%6d   %1s   %6d  %d:%d:%d.%d               %12s  %12s  
ETHV2   Type: %s",
        &pktnum, direction, &cap_len, &hr, &min, &sec, &csec, 
destmac,
        srcmac, type);
donot open iseries capturefiles!

[apache buffer over flow]
static void usage(process_rec *process)
{
    const char *bin = process->argv[0];
    char pad[MAX_STRING_LEN];
    unsigned i;

    for (i = 0; i < strlen(bin); i++) {
        pad[i] = ' ';
    }
this routin will fly over buffer but only with the spaces

watch out for: MONTH OF FABIO!!!!!!!!! i get many attentions every 
day
in month!

[nagios plugins(they are real nagios not just a extra]
-check_http: many many overflow possibillys here course im the dj
supremo:
#define URI_HOST "%[-
..abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]"
#define HD1 URI_HTTP URI_HOST URI_PORT URI_PATH
addr = malloc (MAX_IPV4_HOSTLENGTH + 1);
if (sscanf (pos, HD1, type, addr, port, url) == 4) {

-check_snmp: overflows to when understanding snmpget resullt:
char perfstr[MAX_INPUT_BUFFER] = "";
while (ptr) {
                foo = strstr (ptr, delimiter);
                strncat(perfstr, ptr, foo-ptr);
                strcat(perfstr, "=");
                strcat(perfstr, show);

loved the vulnerabilitys? buy also my nice nude calendar!!

greats to zybadawg333 (i call u frend ),omid,sapheal,hasadya 
raed,born to kill

by fabio dance dj supreme
(i'm fabio with darklong hair and i'm gotta make you M-O-V-E-move
to the G-R-O-V-E-grove)

--
Click for free info on getting an MBA and make $200K/ year
http://tagline.hushmail.com/fc/CAaCXv1I83CeqRUuciNVIIqk41z7nLAB/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • fabios ultra vulnerability extravaganza fabiodancedjsupreme (Mar 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]