Subversion 0.3.7/1.0.0 Remote Buffer Overflow Exploit

/***********************************************************
* hoagie_subversion.c
*
* Remote exploit against Subversion-Servers.
*
* Author: KnbykL <info@knbykl.org>
*
* Tested on Subversion 1.0.0 and 0.37
*
* Algorithm:
* This is a two-stage exploit. The first stage overflows
* a buffer on the stack and leaves us ~60 bytes of machine
* code to be executed. We try to find the socket-fd there
* and then do a read(2) on the socket. The exploit then
* sends the second stage loader to the server, which can
* be of any length (up to the obvious limits, of course).
* This second stage loader spawns /bin/sh on the server
* and connects it to the socket-fd.
*
* Credits:
*    void.at
*
* THIS FILE IS FOR STUDYING PURPOSES ONLY AND
* A PROOF-OF-CONCEPT. THE AUTHOR CAN NOT BE HELD
* RESPONSIBLE FOR ANY DAMAGE OR CRIMINAL ACTIVITIES
* DONE USING THIS PROGRAM.
*
***********************************************************/
