Nice find Kingcope, As Thierry mentioned it, i guess it was a pain to find it, nice one as always, your finding rocks. Cheers
2009/8/31 r1d1nd1rty <r1d1nd1...@hush.com> > why would anyone write a 0day with... > > # bug found & exploited by Kingcope, kcope2<at>googlemail.com > # Affects IIS6 with stack cookie protection > # August 2009 - KEEP THIS 0DAY PRIV8 > > ... then plaster it all over the internet? have you forgotten what > you, yourself wrote? > > if you guys really wanna get that famous.. perhaps you should > consider a new career - nobody even likes h4ck3rs these days anyway > (especially james and da internet po-po). > > and please put a fkn' sleep in ur while(1)'s after a fork()... it > appears as though you couldn't WAIT to get this one out... > > /rd > > remember to always r1d3 d1r7y n' bounce em. > > On Mon, 31 Aug 2009 16:31:51 -0400 Kingcope <kco...@googlemail.com> > wrote: > >Hello list, > > > >I have to clarify some things on the globbing vulnerability here. > >The posted PoC (with the fine art) does NOT exploit IIS6 ftp > >servers, > >IIS6 ftp server IS affected by the buffer overflow but is properly > >protected > >by stack canaries. AFAIK it looks like a DoS on Windows Server > >2003. > >Until someone finds a way to bypass Stack Canaries on recent > >Windows > >versions this remains a DoS on IIS6. > > > >Thanks to HD Moore and all people in the past you wrote exploits > >for > >my releases! > >Kudos! > > > >Nikolaos > > > >2009/8/31 Kingcope <kco...@googlemail.com>: > >> (see attachment) > >> > >> Cheerio, > >> > >> Kingcope > >> > > > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >Hosted and sponsored by Secunia - http://secunia.com/ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/