Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: alibaba1.htm

Alibaba 2.0 Exploitable Overflow EXP:



    Alibaba 2.0


    Thomas  Dullien  found  following.   He  tried  a  little freeware
    webserver named  Alibaba 2.0  and found  an exploitable  overflow.
    He telnetted to and crashed it using

        POST [enter 1028 'x'] / HTTP/1.0

    From a disassembled listing Thomas found that it uses a

        scanf("%s %s %s", szName, szFile, szSomething);

    where szFile  is a  local variable  of 0x400  (=1024) bytes on the
    stack directly above  the return address.   Coding an exploit  for
    this is going to be a  little tricky as it mustn't have  any 0x20,
    0x00,  0x61-0x7A  in  it  since  these  bytes  are  changes by the
    foregoing function that converts everything into uppercase.


    The  authorswere  contacted  but  they  stated  since its freeware
    there will be no support to it!?

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH