[20204] in bugtraq


SUN SOLARIS FTP GLOBBING

daemon@ATHENA.MIT.EDU (Johnny Cyberpunk)
Fri Apr 13 13:03:08 2001

Message-ID:  <004101c0c41a$3f42a560$2100a8c0@illegalaccess.de>
Date:         Fri, 13 Apr 2001 15:04:16 +0200
Reply-To: Johnny Cyberpunk <johncybpk@GMX.NET>
From: Johnny Cyberpunk <johncybpk@GMX.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

chris,

you wrote :

> I expect weird things from FTP, but this does not seem right. But I am
> curious how you plan to inject code if the only way to get the seg. fault
> is to enter a bare '~'? Kinda limits what you can get on the stack, no?

i forgot to mention that it is also possible to build an exploit-package that looks like this:

cwd ~?thenextfollowingtextdoesntmatterandcouldpossiblybeashellcode

as you see i've just inserted another special character after the ~

i'll research this problem more intensively to prove whether a shellcode can possibly be injected.

cheers

Johnny.Cyberpunk@illegalaccess.org
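
A way to look for this request shape in captured FTP control-channel lines, as an added example that is not part of the original post: it flags a pathname argument that is a bare "~" or a "~" followed directly by a glob metacharacter, and reports how much text trails it. The command list beyond CWD, the metacharacters beyond "?", and the sample lines are assumptions made for the example.

```python
import re

# Assumption: any glob metacharacter directly after "~" is treated like the
# "?" shown in the post; the post itself only demonstrates "~" and "~?".
GLOB_META = "?*[{"
# Assumption: other pathname-taking commands are checked too; the post shows CWD only.
PATH_CMDS = {"CWD", "LIST", "NLST", "STAT", "RETR", "SIZE", "MDTM"}

LINE_RE = re.compile(r"^\s*([A-Za-z]{3,4})(?:\s+(.*?))?\s*$")


def classify(line):
    """Return (reason, trailing_length) for a suspicious command, else None."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    verb, arg = m.group(1).upper(), m.group(2) or ""
    if verb not in PATH_CMDS or not arg.startswith("~"):
        return None
    if arg == "~":
        return ("bare-tilde", 0)
    if arg[1] in GLOB_META:
        # Text after the two leading characters is what the post says "doesn't matter".
        return ("tilde-glob", len(arg) - 2)
    return None  # ~user or ~/dir: ordinary home-directory expansion


def scan(lines):
    """Return [(line_number, reason, trailing_length), ...] for flagged lines."""
    hits = []
    for n, line in enumerate(lines, 1):
        result = classify(line)
        if result:
            hits.append((n, result[0], result[1]))
    return hits


# Constructed sample of client commands, not taken from a real capture.
SAMPLE = [
    "USER anonymous",
    "CWD ~",
    "CWD ~alice/pub",
    "cwd ~?" + "A" * 40,
    "CWD /pub/~?notes",
    "LIST ~/incoming",
]

if __name__ == "__main__":
    for lineno, reason, tail in scan(SAMPLE):
        print(f"line {lineno}: {reason} (trailing bytes: {tail})")
```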
