need help on pen-test (exploiting IMail 7.0.7 flaw)

From: Strcpy (elite_netbios_at_yahoo.com)
Date: 07/16/04

  • Next message: il.prof_at_virgilio.it: "Find out the subnetting of a company"
    Date: Fri, 16 Jul 2004 08:14:34 -0700 (PDT)
    To: pen-test@securityfocus.com
    
    

    Hi list,

    I'm asked to do a pen-test on some servers.
    During the test I found one running
    IPSwitch I-mail 7.0.7 on a 2K-SP4 host.
    Well, as you may know, this version is vulnerable to
    the "web messaging" overflow which is reported
    as BID 5323. There is also a POC provided.

    To be sure and do a proper pen-test, I'd exploit this
    bug. The code is optimised for this version of the DLL:
    IMailsec.dll v.2.6.17.28
    which is NOT my specific version. I don't have
    I-mail 7.0.7 locally installed to know exactly which
    version of the DLL it uses.

    Can anyone help me by providing the return address
    of Imail 7.0.7's DLL to use in the code?
    Or, even better, a brief hint to teach me how to
    determine it myself.

    And another question:
     is it possible to do a brute-force to find
     the address in this bug?

    Thanks so much
    H.k

                    