Full Disclosure mailing list archives
Ok KF, i tell you about the buffer overflow in Sphera
From: "Lorenzo Hernandez Garcia-Hierro" <novappc () novappc com>
Date: Sat, 14 Jun 2003 17:33:27 +0200
Hi KF,

All the information about the buffer overflow is in the report, but I can tell you: when you request the subbmitted.php file, the Sphera HD (Hosting Director) CP (control panel) makes the proper actions only checking the vds_[vds user/number]|| variable and the boolean value like true or false. If you send a large request in the GET mode, the script makes a pick up in the server and the server becomes unstable, OK? And if you only modify the user variable, you can access other users' accounts!

Regards,
------------------------------------------------------
Lorenzo Hernandez Garcia-Hierro
--- Computer Security Analyzer ---
--Nova Projects Professional Coding--
PGP: Keyfingerprint
B6D7 5FCC 78B4 97C1 4010 56BC 0E5F 2AB2
ID: 0x9C38E1D7
**********************************
www.novappc.com
security.novappc.com
www.lorenzohgh.com
______________________
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
