PHP <= 4.4.3 / 5.1.4 (sscanf) Local Buffer Overflow Exploit

No description provided by source. ? / hoagiephpsscanf.php PHP = 4.4.3 / 5.1.4 local buffer overflow exploit howto get offsets: set $baseaddr to 0x41414141 ulimit -c 20000 /etc/init.d/apache restart execute script via web browser tail /var/log/apache/error.log ... Wed Aug 16 15:07:10 2006 notice...

Linux Kernel (Solaris 10 / &lt; 5.10 138888-01) - Local Privilege Escalation

/ hoagiesolarissiocgtunparam.c LOCAL SOLARIS KERNEL ROOT EXPLOIT ipifill is used for mutex enter so we have to set the offet for an illt structure. Later putnext will be called with a queue see illt. We can use this queue to add a custom callback function that is used by putnext. ipif.c /...

Linux Kernel (Solaris 10 5.10 138888-01) - Local Privilege Escalation

Linux Kernel Solaris 10 5.10 138888-01 - Local Privilege Escalation / hoagiesolarissiocgtunparam.c LOCAL SOLARIS KERNEL ROOT EXPLOIT ipifill is used for mutex enter so we have to set the offet for an illt structure. Later putnext will be called with a queue see illt. We can use this queue to add ...

Linux Kernel 2.6.19 (Debian 4) - udp_sendmsg Local Privilege Escalation (3)

Linux Kernel 2.6.19 Debian 4 - udpsendmsg Local Privilege Escalation 3 / hoagieudpsendmsg.c LOCAL LINUX KERNEL ROOT EXPLOIT include include include include include include include include / this code will be called from NFHOOK via output callback in kernel mode / void setcurrenttaskuidsgidstozero...

Sun Solaris &lt;= 10 snoop(1M) Utility Remote Exploit

No description provided by source. / hoagiesnoop.c SUN SOLARIS SNOOP REMOTE EXPLOIT + Sun Solaris 8/9/10 + OpenSolaris snv96 Bug discovered by Gael Delalleau http://www.securityfocus.com/bid/30556 attack:/exploits ./hoagiesnoop -t 192.168.0.1 hoagiesnoop.c - solaris snoop remote -andi / void.at...

Lighttpd 1.4.17 - FastCGI Header Overflow Arbitrary Code Execution

Lighttpd 1.4.17 - FastCGI Header Overflow Arbitrary Code Execution / hoagielighttpd.c LIGHTTPD/FASTCGI REMOTE EXPLOIT Philip Olausson http://www.secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/ FastCGI: http://www.fastcgi.com/devkit/doc/fcgi-spec.html THIS FILE IS FOR STUDYING...

Lighttpd <= 1.4.17 FastCGI Header Overflow Remote Exploit

Exploit for linux platform in category remote exploits ========================================================= Lighttpd Philip Olausson http://www.secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/ FastCGI: http://www.fastcgi.com/devkit/doc/fcgi-spec.html THIS FILE IS FOR STUDYING...

Lighttpd &lt;= 1.4.17 FastCGI Header Overflow Remote Exploit

No description provided by source. / hoagielighttpd.c LIGHTTPD/FASTCGI REMOTE EXPLOIT = 1.4.17 Bug discovered by: Mattias Bengtsson [email protected] Philip Olausson [email protected] http://www.secweb.se/en/advisories/lighttpd-fastcgi-remote-vulnerability/ FastCGI:...

OpenFTPd 0.30.2 - Remote Overflow

OpenFTPd 0.30.2 - Remote Overflow / hoagieopenftpd.c LINUX/X86 OPENFTPD REMOTE EXLPOIT : jmp 0x804db90 ^^^^^^^^^ the first one gdb break main Breakpoint 1 at 0x804bd05 gdb r Starting program: /home/andi/openftpd/bin/msg Thread debugging using libthreaddb enabled New Thread 16384 LWP 29479 Switchi...

OpenFTPd 0.30.2 - Remote Overflow

/ hoagieopenftpd.c LINUX/X86 OPENFTPD REMOTE EXLPOIT : jmp 0x804db90 ^^^^^^^^^ the first one gdb break main Breakpoint 1 at 0x804bd05 gdb r Starting program: /home/andi/openftpd/bin/msg Thread debugging using libthreaddb enabled New Thread 16384 LWP 29479 Switching to Thread 16384 LWP 29479...