[Dailydave] Ferret
Phrack Senate Omniscient
phracksenate at gmail.com
Tue Mar 6 06:27:57 EST 2007
On 3/5/07, Ronaldo Vasconcellos <ronaldo at cais.rnp.br> wrote:
>
> Very interesting tool, folks.
>
> When I sent a message to wifisec at securityfocus on Friday it was just an
> announcement made on Black Hat DC, but Maynor released the tool in the
> same day.
seepage
> Errata Security: Ferret
> http://www.erratasec.com/ferret.html
"probably has a remote vulnerability"
aka
"we dun know how to code proper. lulz!!! :("
Ferret-1/Ferret/http.c:
void process_simple_http(struct Seaper *seap, struct NetFrame *frame,
const unsigned char *px, unsigned length) {
char method[16];
...
x=0;
while (i<length && !isspace(px[i])) {
if (x < sizeof(method) -1) {
method[x++] = (char)toupper(px[i++]);
method[x] = '\0';
}
}
ur code getting owned in less than 60 seconds: priceless
knowing that ur code prolly has a dozen other elementary errors
resulting in memory corruption: just fucking embarassing
Some at Black Hat called it "serious fucking business".
---
phrack senate omniscient
fighting internet crime with internet rhymes
fuck the high council
More information about the Dailydave
mailing list