Date: Fri, 13 Apr 2001 15:04:16 +0200
From: Johnny Cyberpunk <[email protected]>
To: [email protected]Subject: SUN SOLARIS FTP GLOBBING
chris,
you wrote :
> I expect weird things from FTP, but this does not seem right. But I am
> curious how you plan to inject code if the only way to get the seg. fault
> is to enter a bare '~'? Kinda limits what you can get on the stack, no?
i forgot to mention that it is also possible to build an exploit-package
that looks
like this :
cwd ~?thenextfollowingtextdoesntmatterandcouldpossiblybeashellcode
as you see i've just inserted another special character after the ~
i'll research this problem more intensive to proof if a shellcode can
possibly being
injected.
cheers
[email protected]
