Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development: Exploiting Buffer Overflows in CGI Scripts

Exploiting Buffer Overflows in CGI Scripts

From: <franciozzy_at_terra.com.br>
Date: Tue, 04 Jun 2002 21:09:48 -0300

Hi,

I was looking for papers on exploiting buffer overflows in CGI Scripts,
but just couldn't manage to find any.

I have several questions about:
* How apache or other webservers handles requests with binary data
  (shellcode).
* How can someone issue a "Host:" tag after the "GET ... HTTP/1.0"
  line, if the evil buffer will get apache to process the request.
* On the above topic, is there any tricks to code the shellcode in
  order to avoid the webserver to do so?

Thanks for any information on it,
Franciozzy
Received on Jun 05 2002

This message: [ Message body ]
Next message: Vladimir P: "Re: Exploiting Buffer Overflows in CGI Scripts"
Previous message: zillion: "SRT Security Advisory (SRT2002-06-04-1711): SCO crontab"
Next in thread: Vladimir P: "Re: Exploiting Buffer Overflows in CGI Scripts"
Reply: Vladimir P: "Re: Exploiting Buffer Overflows in CGI Scripts"
Maybe reply: b0iler _: "Re: Exploiting Buffer Overflows in CGI Scripts"
Maybe reply: Stuart Adamson: "RE: Exploiting Buffer Overflows in CGI Scripts"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]