Comments on Greg Martin's blog - InfoSecurity 2.0: Oracle Weblogic IIS remote buffer overflow

Greg Martin (2009-04-08 05:58 -07:00):
To overflow the JSESSIONID in his Perl script he inserts B x 5132 into the URI before inserting the shellcode.

    print $sock "POST /index.jsp?;JSESSIONID=" .
     "B" x 5132 .
     $shellcode .

srujan (2009-04-07 23:39 -07:00):
Sorry.. It doesn't depend on the OS but depends on the processor..

srujan (2009-04-07 23:33 -07:00):
Why exactly 5132 bytes? Actually, in the exploit provided (milw0rm 8336) he is overwriting all pointer locations!! As per my understanding, pointer locations change based on the OS we use..
So the length may change?

Greg Martin (2009-04-07 12:07 -07:00):
I originally wrote it for a public exploit, content matching on shellcode; I just updated it to match on the vulnerability.

srujan (2009-04-07 06:24 -07:00):
In the rule you developed (SID 300999), why the hex value?
|35 44 38 45 51 4b 5a 4c 4b 50 4a 45 48 4c|

Do these values overflow the stack pointer?