Vulnerability Development mailing list archives
Re: NSLOOKUP.EXE
From: Blue Boar <BlueBoar () thievco com>
Date: Thu, 20 Mar 2003 13:06:33 -0800
Patrick Webster wrote:
Can you do anything interesting with this?: C:\>nslookup Default Server: dns.server.net Address: 111.222.333.444AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA Gives error: memory can't be "read" - 0x414141 (aka A).
If you have to manually type all the A's, then probably not. Maybe if someone did something silly like make a CGI script that calls nslookup.exe directly with user input.
What OS are you testing on? It looks like it's fixed in XP: C:\winxp\system32>nslookup Default Server: dns1.snfcca.sbcglobal.net Address: 206.13.28.12> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA *** Input is too long > BB
Current thread:
- NSLOOKUP.EXE Patrick Webster (Mar 20)
- Re: NSLOOKUP.EXE Blue Boar (Mar 20)
- RE: NSLOOKUP.EXE Brett Moore (Mar 21)
- Re: NSLOOKUP.EXE Ryan Yagatich (Mar 21)
- Re: NSLOOKUP.EXE K. K. Mookhey (Mar 23)
- RE: NSLOOKUP.EXE Brett Moore (Mar 23)
- Re: NSLOOKUP.EXE Marcos D. Marado Torres (Mar 24)
- <Possible follow-ups>
- RE: NSLOOKUP.EXE Patrick Webster (Mar 20)
- RES: NSLOOKUP.EXE Cleber P. de Souza (Mar 21)
- Re: NSLOOKUP.EXE Nexus (Mar 21)
- RE: NSLOOKUP.EXE Sillari Andrea (Mar 21)
- Re: NSLOOKUP.EXE Filip Maertens (Mar 21)
(Thread continues...)
- Re: NSLOOKUP.EXE Blue Boar (Mar 20)