New Jpeg virus & SP2

  • ProtonageNet
    Member
    • Sep 2004
    • 2

    #1

    New Jpeg virus & SP2

    So, I've been reading a lot of articles about this whole thing. Also I found an example of a Perl script that exploits it. I tried one of my own in PHP and it was caught by ZL, but I was wondering how to do the shell stuff? Like inserting malicious code... couldn't quite figure that out. Anyone know much about this?
  • Import
    Resident Insomniac
    • Mar 2003
    • 23

    #2
    Originally posted by ProtonageNet
    So, I've been reading a lot of articles about this whole thing. Also I found an example of a Perl script that exploits it. I tried one of my own in PHP and it was caught by ZL, but I was wondering how to do the shell stuff? Like inserting malicious code... couldn't quite figure that out. Anyone know much about this?
    Read the rules.
    Go catch a falling star.


    • Grifter
      Goon * Contests & Events
      • Sep 2001
      • 1296

      #3
      Originally posted by Import
      Actually, I don't see anything wrong with the post. He's not asking how to hack, he's talking about a specific vulnerability and how it works under certain circumstances.
      .: Grifter :.


      • ProtonageNet
        Member
        • Sep 2004
        • 2

        #4
        I just think it's quite a spiff hack using JPEGs. I knew about one back in 2k2, but it seemed to be just a hoax, but this is for real... and it is vulnerable to the oh so mighty SP2, which makes me lmfao.

        I think I sorta somewhat understand how it works... it's basically some bytes that tell the GDI to go all wack or something?


        • Webster
          Local Grue
          • Feb 2004
          • 92

          #5
          That's stenography
          Last edited by Webster; September 29, 2004, 05:46.
          blowfish:.2x10x448
          www.gnivirdrawn.com


          • skroo
            Volatile Compound
            • Dec 2001
            • 2348

            #6
            Originally posted by Webster
            That's stenography
            Nope.

            Stenography:

            1. The art or process of writing in shorthand.
            2. The art or practice of transcribing speech with a stenograph machine.
            3. Material transcribed in shorthand.


            Steganography:

            The art of writing in cipher, or in characters which are not intelligible except to persons who have the key; cryptography.


            • skroo
              Volatile Compound
              • Dec 2001
              • 2348

              #7
              OK, in an attempt to get this thread somewhat back on topic: for more information on the JPEG GDI vulnerability (which, I assume, is the one that was originally being referred to), I would recommend checking the last week or so's Bugtraq archive. There's been a fair amount of discussion on this topic, including POC code. Searching Google for 'GDI exploit' is also rather revealing.


              • Webster
                Local Grue
                • Feb 2004
                • 92

                #8
                Originally posted by skroo
                Nope.

                Stenography:

                1. The art or process of writing in shorthand.
                2. The art or practice of transcribing speech with a stenograph machine.
                3. Material transcribed in shorthand.


                Steganography:

                The art of writing in cipher, or in characters which are not intelligible except to persons who have the key; cryptography.
                :( I was close.
                blowfish:.2x10x448
                www.gnivirdrawn.com


                • skroo
                  Volatile Compound
                  • Dec 2001
                  • 2348

                  #9
                  Originally posted by Webster
                  :( I was close.
                  Quoted posts are like pubic hair: only good to look at when properly-trimmed.


                  • Gadsden
                    Goon
                    • Jul 2002
                    • 1241

                    #10
                    Originally posted by Webster
                    :( I was close.
                    Nope, not in the least. It has nothing to do with cryptography, it is an exploit that causes the GDI to shat upon itself. PoC code here (don't be a douche with it) and more info here.
                    Happiness is a belt-fed weapon.


                    • c0nc0kted
                      Member
                      • Oct 2004
                      • 2

                      #11
                      So where is it?

                      What I'm curious about is that we haven't seen a full-blown worm based on this weakness yet... what gives? Has the media overblown it again, or is this more of a bear to exploit than first thought?

                      Or is everybody working on version 55 of Netsky?


                      • Ridirich
                        Painfully honest since 81
                        • Nov 2002
                        • 377

                        #12
                        I remember the "good old days" when someone would open a GIF file, thinking it was naked Britney Spears, and it would be a hidden .exe extension which would auto-install a trojan.

                        What ever happened to people being inventive?
                        -Ridirich

                        "When you're called upon to do anything, and you're not ready to do it, then you've failed."

                        Commander W.H. Hamilton


                        • d3ad1ysp0rk
                          Cool Ketchup Bottle
                          • Aug 2004
                          • 113

                          #13
                          Originally posted by Ridirich
                          I remember the "good old days" when someone would open a GIF file, thinking it was naked Britney Spears, and it would be a hidden .exe extension which would auto-install a trojan.

                          What ever happened to people being inventive?
                          Go look in p2p programs. It's still there.
                          - Programmer -


                          • Ridirich
                            Painfully honest since 81
                            • Nov 2002
                            • 377

                            #14
                            I was just hoping for more imagination with the evil things people do to compromise our systems. Like, maybe I dunno, a graphic that says "Your files are now mine" or something....
                            -Ridirich

                            "When you're called upon to do anything, and you're not ready to do it, then you've failed."

                            Commander W.H. Hamilton

