Vulnerability Development mailing list archives
ASP & HTR Overflows
From: "Doesnt Matter" <ackstorm () hackermail com>
Date: Tue, 16 Apr 2002 07:38:18 +0800
Greetz Traqers, I'm writeing a small perl script to check for the existince of the 4 known overflows affecting win2k. I was wondering if a few people would be mind posting header replys from some vunerable & nonvunerable servers. following are the requests sent from the script (for test enviroment reasons) $s{'a'} = "POST /iistart.asp HTTP/1.1\r\nAccept: */*\r\nHost: AckTack\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\n\r\n10\r\nPADPADPADPADPADP\r\n4\r\nDATA\r\n4\r\nDEST\r\n0\r\n\r\n"; $As = "A" x500; $s{'h'} = "GET /NULL.htr?$As=X HTTP/1.1\r\nAccept: */*\r\nHost: AckTack\r\nContent-Type: text/html\r\n\r\n"; Thank you ahead of time ~Ack -- Powered by Outblaze
Current thread:
- ASP & HTR Overflows Doesnt Matter (Apr 15)