| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: netninja at hotmail.kg (Adik)
Subject: Frontpage Extensions Remote Command Execution
Hello Nick,
Thursday, November 13, 2003, 3:14:40 AM, you wrote:
NJ> Has anyone even had any luck reproducing this? I can't for the life of
NJ> me get a crash...
NJ> -----Original Message-----
NJ> From: Geo.
NJ> Sent: Wed 11/12/2003 11:41 AM
NJ> To: full-disclosure@...ts.netsys.com
NJ> Cc:
NJ> Subject: RE: [Full-Disclosure] Frontpage Extensions Remote
NJ> Command Execution
NJ> >>
NJ> Well, for one, it's not root level. It allows ANONYMOUS (Guest)
NJ> access
NJ> <<
NJ> No it's not, IWAM is Web Applications MANAGER account you were
NJ> thinking of
NJ> IUSR perhaps? This is not guest. This account can change
NJ> websites so in a
NJ> multi host environment this level of access will allow a
NJ> compromise of every
NJ> website on the server.
NJ> Geo. (I'd call that root)
NJ> _______________________________________________
NJ> Full-Disclosure - We believe in it.
NJ> Charter: http://lists.netsys.com/full-disclosure-charter.html
What i learned from this overflow was that there is a difference
between sending 500 'A's and sending 500 'X's. sending 500 'A' even
more doesn't trigger access violation on dllhost process. however if u
send 500 'X's u'll get acces violation. well at least thats what i
noticed. maybe i'm wrong. so sometimes sendin different strings
might generate different results.
--
Best regards,
Adik mailto:netninja@...mail.kg
Powered by blists - more mailing lists