Penetration Testing mailing list archives

need help on pen-test .( exploiting IMail 7.0.7 flaw )
From: Strcpy <elite_netbios () yahoo com>
Date: Fri, 16 Jul 2004 08:14:34 -0700 (PDT)

Hi list,

I've been asked to do a pen-test on some servers.
During the test I found one running
IPSwitch I-mail 7.0.7 on a 2K-SP4 host.
Well, as you may know, this version is vulnerable to
the "web messaging" overflow which is reported
as BID 5323. There is also a POC provided.

To be sure and do a proper pen-test, I'd exploit this
bug. The code is optimised for this version of the DLL:
IMailsec.dll v.2.6.17.28
which is NOT my specific version. I don't have
I-mail 7.0.7 locally installed to know exactly which
version of the DLL it uses.

Can anyone help me by providing the return address
of Imail 7.0.7's DLL to use in the code?
Or, even better, a brief hint to teach me how to
determine it myself.

And another question:
Is it possible to do a brute-force to find the
address in this bug?

Thanks so much
H.k



                

