Penetration Testing mailing list archives
Re: can this overflow lead to exploitation?
From: pen-test <avaya.toons () gmail com>
Date: Wed, 11 Feb 2009 10:40:11 +0530
Just a doubt: when the URL is above 1 MB the app crashes and dumps the memory; if a byte less, then no problem, just "Invalid URL" from the application. But I can't see my 1024 bytes of "aaaaa" anywhere in the stack nor in app memory, and also none of the regs are affected by this looong URL. What am I missing here?

On Wed, Feb 11, 2009 at 3:46 AM, shellcoder1 <shellcoder1 () gmail com> wrote:

Can you control any register? How did you know this is a buffer overflow? What did you see when you loaded it in a debugger? I suggest reading about the subject first before going on.

pen-test wrote:

Hi all, I just need some help exploiting a doubted buffer overflow. Well, the scenario is, I found a cute little app of my friend's, vulnerable to overflow(?). But I can't say at this time whether it's exploitable or not. That's why I need help. Ok, what do you do when you doubt there's a chance of exploitation, if an app gets crashed when given an arbitrarily long URL/filename? In my case the app crashed with a MessageBox from the exception handler that the "app terminated unexpectedly" and gave a dump. I just ran the mem dump through VS 2005 and got "an Unhandled exception at 0x019f57b0 in app.exe: 0xC0000005: Access violation writing location 0xd357a29f." Seems a null pointer usage, but not sure. Hmmm, following me? Now please help me analyse the case and if exploitable, how? Any online documentation, e-books? Above all, any experts in buffer overflow exploitation? Thanks ahead, Tom
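The open question in the thread is whether any register or pointer ends up under the sender's control. A filler of repeated "a" bytes cannot answer it: if a register reads 0x61616161 you know the input got there but not from which offset, and if it reads anything else you learn nothing. The usual fix is to send a cyclic pattern in which every 4-byte window is unique, then map whatever shows up in EIP, EBP, ESP or the faulting address back to an offset. The following is an added example written for this page, not code from any poster: it builds a De Bruijn sequence over a 36-character alphabet (about 1.68 million distinct 32-bit windows, enough to cover the 1 MB URL discussed above), and the `struct frame` / `demo_overflow` pair is a constructed stand-in for a 32-bit x86 stack frame, not the application in the thread.

```c
/* Added example: cyclic (De Bruijn) pattern for locating the offset at which
 * attacker-controlled input lands in a register or pointer. Not from the
 * thread; a generic technique for answering "can you control any register?". */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define K 36               /* alphabet size: a-z, 0-9 */
#define N 4                /* window size: one 32-bit register or pointer */
#define SEQ_LEN (K*K*K*K)  /* 1,679,616 distinct 4-byte windows */

static const char ALPHABET[K + 1] = "abcdefghijklmnopqrstuvwxyz0123456789";
static char pattern[SEQ_LEN + N];   /* room for the wrap-around tail and a NUL */
static size_t pattern_len;
static int a[K * N + 1];

/* Fredricksen-Kessler-Maiorana construction of the k-ary De Bruijn sequence
 * B(K, N): emits each Lyndon word whose length divides N, in lexicographic order. */
static void db(int t, int p) {
    if (t > N) {
        if (N % p == 0)
            for (int j = 1; j <= p; j++)
                pattern[pattern_len++] = ALPHABET[a[j]];
    } else {
        a[t] = a[t - p];
        db(t + 1, p);
        for (int j = a[t - p] + 1; j < K; j++) {
            a[t] = j;
            db(t + 1, t);
        }
    }
}

/* Build the pattern once and return its usable length (K^N + N - 1 bytes). */
size_t pattern_create(void) {
    if (pattern_len == 0) {
        memset(a, 0, sizeof a);
        db(1, 1);
        /* Append the first N-1 bytes so every linear window of N is unique too. */
        memcpy(pattern + pattern_len, pattern, N - 1);
        pattern_len += N - 1;
        pattern[pattern_len] = '\0';
    }
    return pattern_len;
}

/* Given a 32-bit value read from a register or the faulting address in the
 * debugger, return the byte offset in the pattern that produced it, or -1 if
 * those four bytes never occur in the pattern (the value was not copied
 * verbatim from the input). The needle is the value's in-memory byte order,
 * which on x86 is the order in which the bytes were sent. */
long pattern_offset(uint32_t value) {
    unsigned char needle[N];
    pattern_create();
    memcpy(needle, &value, N);
    for (size_t i = 0; i + N <= pattern_len; i++)
        if (memcmp(pattern + i, needle, N) == 0) return (long)i;
    return -1;
}

/* Constructed stand-in for a 32-bit x86 stack frame: a 64-byte local buffer
 * followed by the saved frame pointer and the return address. */
struct frame {
    char buf[64];
    uint32_t saved_ebp;
    uint32_t ret;
};

/* Hypothetical unchecked copy of 'len' pattern bytes into the frame. The copy
 * is clamped to sizeof(struct frame) so this demo stays well-defined; the real
 * bug would keep writing past the frame. */
struct frame demo_overflow(size_t len) {
    struct frame f;
    memset(&f, 0, sizeof f);
    pattern_create();
    if (len > sizeof f) len = sizeof f;
    memcpy(&f, pattern, len);
    return f;
}

int main(void) {
    struct frame f = demo_overflow(1024);
    printf("saved EBP = 0x%08x -> offset %ld\n", f.saved_ebp, pattern_offset(f.saved_ebp));
    printf("return addr = 0x%08x -> offset %ld\n", f.ret, pattern_offset(f.ret));
    /* The faulting address quoted in the thread contains no pattern bytes. */
    printf("0xd357a29f -> offset %ld\n", pattern_offset(0xd357a29fu));
    return 0;
}
```

In use, the pattern is sent as the URL, the crash dump is opened in the debugger, and each register and the "writing location" address is passed to `pattern_offset`. An offset means that register was overwritten with input bytes from exactly that position, which is what makes a crash a candidate for control. A result of -1, as for the 0xd357a29f address quoted above, means the value was not taken verbatim from the input; that is consistent with what the sender reports (no "aaaa" in registers or on the stack) and says the crash needs further analysis in the debugger, such as where the faulting instruction's destination pointer came from, before it can be called an exploitable overflow.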
Current thread:
- can this overflow lead to exploitation? pen-test (Feb 10)
- Re: can this overflow lead to exploitation? shellcoder1 (Feb 11)
- Re: can this overflow lead to exploitation? pen-test (Feb 11)
- Re: can this overflow lead to exploitation? ArcSighter Elite (Feb 12)
- Re: can this overflow lead to exploitation? Sanjay R (Feb 18)
- Re: can this overflow lead to exploitation? shellcoder1 (Feb 11)