Colapse all |
Post message
debugging seh overwrite 2006-03-20 laphoo gmail com (3 replies) Hello, I would like to know a way to debugging a vulnerable program, where I am overwriting the se handler with my address. I have OllyDbg as just in time debugger. If my exploit-buffer reaches the pointer to the next seh record, nothing happens. Now I was trying to put breakpoint instructions 0xcc) [ more ] [ reply ] Re: HTTP proxy/redirector to a unique virtual host .... 2006-03-17 Kim Christensen (kim christensen gmail com) > Does anyone on the list knows of any kind of software (for Windows, Linux, > or anything) that I can set up as an HTTP/HTTPS proxy/redirector to receive > requests on a specific TCP port, and then redirects them to another IP, AND > to a scpecific Virtual Host ? http://httpd.apache.org/docs/2.0/m [ more ] [ reply ] HTTP proxy/redirector to a unique virtual host .... 2006-03-15 Alberto Paris (albertoparis hotmail com) Hi, Does anyone on the list knows of any kind of software (for Windows, Linux, or anything) that I can set up as an HTTP/HTTPS proxy/redirector to receive requests on a specific TCP port, and then redirects them to another IP, AND to a scpecific Virtual Host ? Something like what 'stunnel' doe [ more ] [ reply ] Adobe Form Designer Overflow 2006-03-10 mc iglo gmx de Hi, A buffer overflow occurs in Adobe Form Designer 7 (Part of Acrobat 7) with all Updates applied, when trying to create a new or modify an existing form on a system with too many fonts installed. Installing the software on a plain (just updates) Windows 2000 with ~1500 fonts, will result in a acc [ more ] [ reply ] CanSecWest/core06 Vancouver April 3-7 2006-03-08 Dragos Ruiu (dr kyx net) The call for papers is now closed and the proposals have been reviewed for the CanSecWest/core06 Applied Technical Security Conference held on April 5-7 2006 at the Mariott Renaissance Harbourside in Vancouver, B.C. Canada. The selected submissions are : An hour of Rap and Comedy about SAP - St [ more ] [ reply ] SyScan'06 Call For Papers 2006-03-06 organiser (at) syscan (dot) org [email concealed] (organiser syscan org) SyScan'06 CALL FOR PAPER **ABOUT SYSCANâ??06** The Symposium on Security for Asia Network aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScanâ??06 intends [ more ] [ reply ] DEF CON 14 is now in effect! The Call for Papers is open. 2006-02-23 Jeff Moss (jmoss blackhat com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 W00t! DEF CON 14 is now in effect! The Call for Papers is open. This is a short announcement to let everyone know that we are opening the call for papers for DEFCON 14 - the annual gathering of subversive computer folks. Earlier submissions are given [ more ] [ reply ] Re: PHP and SCRIPT_NAME variable 2006-02-22 Harald Eder (contact eder-harald com) (1 replies) Sorry, I forgot to insert the initial question, here is it: Roman Medina-Heigl Hernandez wrote: > Hello, > > Last week I was thinking about the possibility for an external attacker to > influence over the following PHP variable: > $_SERVER['SCRIPT_NAME'] > > The former variable contains the remote [ more ] [ reply ] Re: PHP and SCRIPT_NAME variable 2006-02-21 contact eder-harald com Hi, as far as I know the elements of the $_SERVER array are filled by the webserver and therefore a manipulation through a php trick might by difficult. From my opinion it will be easier to alter this values through a trick on the webserver for instance by using a bug in Apache but I do not know a [ more ] [ reply ] PHP and SCRIPT_NAME variable 2006-02-20 Roman Medina-Heigl Hernandez (roman rs-labs com) Hello, Last week I was thinking about the possibility for an external attacker to influence over the following PHP variable: $_SERVER['SCRIPT_NAME'] The former variable contains the remote path (URI) to a PHP script, so if for instance you access with a browser to: http://<site>/aa/bb/cc/script.ph [ more ] [ reply ] Re: shellcoding on gentoo 2006-02-20 Borja (padre correo ugr es) (4 replies) Hi Lot of ppl tell me that I did not proper zero the EAX register,so 3 MSB of eax corrupt trapping the syscall, but Its OK. I successfully run the shellcodes on a debian box,but in gentoo,allways SEGFAULT. There is it, a new log: ----------------------------------------------------------------- [ more ] [ reply ] CALL FOR PAPER - SYSCAN'06 2006-02-18 organiser (at) syscan (dot) org [email concealed] (organiser syscan org) *SyScan'06 CALL FOR PAPER* ***ABOUT SYSCANâ??06*** The Symposium on Security for Asia Network aims to be a very different security conference from the rest of the security conferences that the information security community in Asia has come to be so familiar and frustrated with. SyScanâ??06 inte [ more ] [ reply ] BCS Asia 2006 - Call for Papers 2006-02-17 Jim Geovedi (jim geovedi com) Bellua Cyber Security Asia 2006 Call for Papers - http://www.bellua.net For the second consecutive year, the Bellua Cyber Security Asia 2006 Conference will bring together in Indonesia internationally recognized experts in the security community as well as leading members of the loca [ more ] [ reply ] Re: Buffer Overrun Newbie 2006-02-13 Marco Ivaldi (raptor 0xdeadbeef info) On Wed, 8 Feb 2006, James Longstreet wrote: > If you have experience with Linux, or another Unix OS, I would suggest > starting there. If you don't want to install Linux, you can even run it > in Bochs, QEMU, VMWare, etc. If you need some help on Linux/x86 exploitation, i suggest you to take a l [ more ] [ reply ] Re: shellcoding on gentoo 2006-02-07 nonexistent fake com Try initializing the upper 3 MSB's of the eax register before trapping. This seems like a really common error amongst new shellcode writers. It's probably that eax has already been initalized with a value and you're only setting the LSB. Then when you trap the wrong (or completely invalid) systemcal [ more ] [ reply ] Buffer Overrun Newbie 2006-02-05 gj_williams2000 yahoo co uk (2 replies) I was messing about with my pc trying to learn how buffer overruns work (mostly as an excuse to use assembler) and I have run into a problem. The program I am exploiting is just a simple c program I wrote which mismanages a string provided by the user by copying it into a 512 byte variable on the s [ more ] [ reply ] Black Hat USA CFP opens, Europe early bird reminder, Federal news 2006-02-02 Jeff Moss (jmoss blackhat com) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Vuln Dev readers, A bunch of announcements from Black Hat. It was easier to bundle them all together instead of send them out bit by bit, so everything from Black Hat Federal coverage to the CFP opening for the summer USA conference is included. [ more ] [ reply ] Re: shellcoding on gentoo 2006-01-30 apriori dkc-clan de I guess your function address is wrong, run "objdump /usr/lib/libc.so.5 -T | grep -w execve" to find the one for your system. by the way: a much more reliable way to run system functions is to use systemcalls. the respective number for each syscall can be found with egrep "^#define __NR" /usr/inc [ more ] [ reply ] |
Privacy Statement |
that I sent last night has not yet appeared.
w3wp remote DoS due to improper reference of STA COM components in ASP.NET
========================================================================
===
Vendor: Microsoft Corpora
[ more ] [ reply ]