Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Exploiting Buffer Overflows in CGI Scripts

From: franciozzy () terra com br
Date: Tue, 04 Jun 2002 21:09:48 -0300
Hi,

I was looking for papers on exploiting buffer overflows in CGI Scripts,
but just couldn't manage to find any.

I have several questions about:
* How apache or other webservers handles requests with binary data
  (shellcode).
* How can someone issue a "Host:" tag after the "GET ... HTTP/1.0"
  line, if the evil buffer will get apache to process the request.
* On the above topic, is there any tricks to code the shellcode in
  order to avoid the webserver to do so?

Thanks for any information on it,
Franciozzy
Previous By Date Next
Previous By Thread Next

Current thread: