Vulnerability Development mailing list archives
Re: kiss from [HeliSec] : htdigest core dumps (apache 1.3.14)
From: Riley Hassell <riley () EEYE COM>
Date: Wed, 21 Feb 2001 18:54:38 -0800
There are various vulnerabilites in those tools. I noticed a while ago htpasswd doesn't strip '\r', so I was able to add unauthorized entries. There should definately be an audit done on those considering many times they are used by custom cgi's. ----- Original Message ----- From: "Helios Security (Helisec)" <NIKEBOY () RETEMAIL ES> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Friday, February 16, 2001 10:48 AM Subject: kiss from [HeliSec] : htdigest core dumps (apache 1.3.14)
this is what i tried: bash-2.03$ htdigest Usage: htdigest [-c] passwordfile realm username The -c flag creates a new file. bash-2.03$ htdigest -c test kiss `perl -e '{print "A"x"1000"}'` Adding password for
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA A!
AAAAAAAAAAA in realm kiss. New password: Re-type new password: Segmentation fault bash-2.03$ i have tried to exploit the buffer but, as i reported about newmail, the program crashes before actually jumping to the shellcode.
Current thread:
- kiss from [HeliSec] : htdigest core dumps (apache 1.3.14) Helios Security (Helisec) (Feb 21)
- Re: kiss from [HeliSec] : htdigest core dumps (apache 1.3.14) Riley Hassell (Feb 21)