Posted: Mon May 03, 2010 6:25 pm Post subject: Buffer Overflow by a long path name
I am working on this exploit http://milworm.ru/exploits/1295
The vulnerability is exploited by creating multiple levels of sub-directories with long names on ftp server, and then issuing the "XPWD" command when at the lowest level sub-directory.
The resulting path name that is generated in response to the "XPWD" command will exceed 2048 bytes, thus overflowing the stack-buffer.
What i cannot understand is how the code is injected in the file path.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum