Vulnerability Development: RE: Rumours about Apache 1.3.22 exploits

RE: Rumours about Apache 1.3.22 exploits

From: Benjamin Morin <benjamin.morin_at_rd.francetelecom.com>
Date: 07 Mar 2002 18:36:39 +0100

> for whatever reason the list moderators don't let this thru.. or answer
> my emails..
>
> that really sucks.
>
> http://iron.fi.st/phpxpl.c

This exploit is an old one...

diff -w -b -B www.hack.co.za/exploits/os/linux/slackware/7.0/phpxpl.c
phpxpl.c

1,3c1
< /*
< * PHP 3.0.16/4.0.2 remote format overflow exploit.
< * Copyright (c) 2000

---
> /* PHP 3.0.16/4.0.2 remote format overflow exploit. 
5,17c3
<  * gneisenau_at_berlin.com
<  * my regards to sheib and darkx
<  * All rights reserved
<  * Pascal Boucheraine's paper was enlightening
<  * THERE IS NO IMPLIED OR EXPRESS WARRANTY FOR THIS CODE. 
<  * YOU ARE RESPONSIBLE FOR YOUR OWN ACTIONS AND I CANNOT BE HELD
RESPONSIBLE
<  * FOR THE CONSEQUENCES
<  * Usage:
<  * phpxpl -sx -uwww.victim.com/some.php3 | nc www.victim.com 80
<  *
<  * Slackware 7.0: eip address/shellcode address
<  *                 0xbfff9b90/0xbfff958c
<  *
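
Review bot: the `5,17c3` hunk stops at old-file line 17 without its `---` separator or the `>` replacement line, so the output as archived shows only what was removed from the header comment (author credit, warranty text, usage line, Slackware 7.0 addresses) and not what new line 3 contains or whether any hunks follow. Every visible change sits inside the opening comment; to support the statement that this is the older exploit with its header trimmed, include the complete diff output or state explicitly that no hunks touch the code body, keeping in mind that `-w -b -B` hides whitespace-only and blank-line differences.
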
Benjamin Morin
Received on Mar 08 2002