[Full-Disclosure] Serv-U exploit

From: Berend-Jan Wever (SkyLined_at_edup.tudelft.nl)
Date: 01/30/04

    To: <bugtraq@securityfocus.com>, <full-disclosure@lists.netsys.com>
    Date: Fri, 30 Jan 2004 17:47:06 +0100
    
    
    

    Hi,

    Attached is my Serv-U "SITE CHMOD" exploit. Should be pretty script kiddie
    friendly.

    Cheers,

    SkyLined


    
    

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


