Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Andrey Plastunov
Digital Security (dsec.ru)
Fuzz your way into the web server’s zoo
● Pentester at dsec.ru [ ]
@DSecRU
@plastunovaa
@osakaaa
a.plastunov@dsec.ru
[About]
[Agenda]
[The Zoo]
➢ Web proxies
[The Zoo]
➢ Web proxies
○ Content-filtering
[The Zoo]
➢ Web proxies
○ Content-filtering
○ Tunneling
[The Zoo]
➢ Web proxies
○ Content-filtering
○ Tunneling
○ ...
[The Zoo]
➢ Web proxies
➢ Embedded systems
[The Zoo]
➢ Web proxies
➢ Embedded systems
○ Routers and other
network devices
[The Zoo]
➢ Web proxies
➢ Embedded systems
○ Routers and other
network devices
○ Industrial devices
[The Zoo]
➢ Web proxies
➢ Embedded systems
○ Routers and other
network devices
○ Industrial devices
○ ...
[The Zoo]
➢ Web proxies
➢ Embedded systems
➢ Non-default modules
in mainstream servers
[The Zoo]
➢ Web proxies
➢ Embedded systems
➢ Non-default modules
in mainstream servers
➢ Other software
[The Zoo]
➢ Web proxies
➢ Embedded systems
➢ Non-default modules
in mainstream servers
➢ Other software
----------------------------...
[The HTTP]
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Co...
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1rn
HOST: www.victim.comrn
User-Agent: Fuzzy browserrn
Content-Type: text/h...
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method
Methods:
STANDARD: GET POST HEAD OPTIONS TRACE
CONNECT PUT DELETE
...
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
URI
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
URI[fuzzable]
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
URI[fuzzable]
parameters
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
URI[fuzzable]
parameters[fuzzable]
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
URI[fuzzable]
parameters[fuzzable]
protocol version
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
URI[fuzzable]
parameters[fuzzable]
protocol version[fuzz...
[The HTTP]
POST http://server.name/do/not/touch?my=server HTTP/1.1
URI[fuzzable]
parameters[fuzzable]
protocol version[fuz...
[The HTTP]
POST http://server.name/do/not/touch?my=server HTTP/1.1
URI[fuzzable]
parameters[fuzzable]
protocol version[fuz...
[The HTTP]
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Content-Length: 42
[The HTTP]
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Content-Length: 42
Values
[The HTTP]
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Content-Length: 42
Values
Some google.co...
[The HTTP]
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Content-Length: 42
Values[fuzzable]
[The HTTP]
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Content-Length: 42
Values[fuzzable]
pair...
[The HTTP]
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Content-Length: 42
Values[fuzzable]
pair...
[The HTTP]
name=post_example&very_tricky_parameter=hi!
Content-type: application/x-www-form-urlencoded
[The HTTP]
Content-type: application/x-www-form-urlencoded
name=post_example&very_tricky_parameter=hi!
Same as for URL dat...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition: form-data...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1rn
HOST: www.victim.comrn
User-Agent: Fuzzy browserrn
Accept: text/html,ap...
[The HTTP]
Delimiters
POST /do/not/touch?my=server HTTP/1.1rn
HOST: www.victim.comrn
User-Agent: Fuzzy browserrn
Accept: t...
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1rn
HOST: www.victim.comrn
User-Agent: Fuzzy browserrn
Accept: text/html,ap...
[Fuzzing approaches]
Web
Server
Client
(Fuzzer)
[Straight fuzzing]
Web
Server
Client
(Fuzzer)
(FUZZ) HTTP REQUEST
[Straight fuzzing]
Web
Server
Client
(Fuzzer)
(FUZZ) HTTP REQUEST
HTTP RESPONSE
[Straight fuzzing]
Web
Server
(Fuzzer)
Client
[Reverse fuzzing]
Web
Server
(Fuzzer)
Client
HTTP REQUEST
[Reverse fuzzing]
Web
Server
(Fuzzer)
Client
HTTP REQUEST
(FUZZ) HTTP RESPONSE
[Reverse fuzzing]
Web
Server
(Fuzzer)
Client
HTTP REQUEST
(FUZZ) HTTP RESPONSE
[Reverse fuzzing]
Difficulties:
➢ There is no possibility to ...
Web
Server
(Fuzzer)
Client
(Fuzzer)
HTTP
Proxy
[Double fuzzing]
Web
Server
(Fuzzer)
Client
(Fuzzer)
HTTP
Proxy
[Double fuzzing]
(FUZZ) HTTP REQUEST
Web
Server
(Fuzzer)
Client
(Fuzzer)
HTTP
Proxy
(FUZZ) HTTP REQUEST
[Double fuzzing]
Web
Server
(Fuzzer)
Client
(Fuzzer)
HTTP
Proxy
(FUZZ) HTTP REQUEST
[Double fuzzing]
(FUZZ) HTTP RESPONSE
Web
Server
(Fuzzer)
Client
(Fuzzer)
HTTP
Proxy
(FUZZ) HTTP REQUEST
[Double fuzzing]
(FUZZ) HTTP RESPONSE
[The detection]
➢ Traffic analysis
[The detection]
➢ Traffic analysis
➢ Local process monitoring
[The detection]
➢ Traffic analysis
➢ Local process monitoring
➢ Some heuristics based on responses from
target
[The detection]
➢ Traffic analysis
➢ Local process monitoring
➢ Some heuristics based on responses from
target
○ Comparing with reference ...
p.s. still alpha version :-)
[The wuzzer]
[The wuzzer]
Generator
Queue Transmitter Target
Monitor
1.Task
2.Task
Wuzzer Target
4. Statistic
6. ResultsLog
3.REQ
5. RE...
[The wuzzer]
Generator
Queue Transmitter Target
Monitor
1.Task
2.Task
Wuzzer Target
4. Statistic
6. ResultsLog
3.REQ
5. RE...
[The wuzzer]
Generator
Queue Transmitter Target
Monitor
1.Task
2.Task
Wuzzer Target
4. Statistic
6. ResultsLog
3.REQ
5. RE...
[The wuzzer]
Generator
Queue Transmitter Target
Monitor
1.Task
2.Task
Wuzzer Target
4. Statistic
6. ResultsLog
3.REQ
5. RE...
[The wuzzer]
Generator
Queue Transmitter Target
Monitor
1.Task
2.Task
Wuzzer Target
4. Statistic
6. ResultsLog
3.REQ
5. RE...
[The wuzzer]
Generator
Queue Transmitter Target
Monitor
1.Task
2.Task
Wuzzer Target
4. Statistic
6. ResultsLog
3.REQ
5. RE...
[The wuzzer]
Look for the wuzzer updates at
https://www.github.com/osakaaa
[The examples]
Content-Length: -2
➢ An Integer Overflow causes a memory
consumption bug
[The examples]
[The examples]
Content-Length: 601
Crash due to an unhandled
exception in strcpy_s
[The examples]
Content-Length: 601
Crash due to an unhandled
exception in strcpy_s
Content-Length: -0
Integer Overflow causes Stack Buffer Overflow
[The examples]
Authorization: Basic
Login name > 16kb
Causes stack buffer overflow (??)
[The examples]
Accept-language: en-US,,,,<1000>,,,,,ru-RU
Buffer Overflow (???)
[The examples]
MS15-034:
Range: Bytes: 18-18446744073709551615
Integer Overflow
[The examples]
CVE:2014-5289: Long URI in POST request :
POST /AAAAAAA….<736>...AAAAA
Stack Buffer Overflow
[The examples]
[The end]
Upcoming SlideShare
Loading in …5
×

[Confidence] Fuzz your way into web server's zoo

804 views

Published on

My talk on fuzzing the variety of web servers the one could find on the internets

Published in: Software
  • Be the first to comment

[Confidence] Fuzz your way into web server's zoo

  1. 1. Andrey Plastunov Digital Security (dsec.ru) Fuzz your way into the web server’s zoo
  2. 2. ● Pentester at dsec.ru [ ] @DSecRU @plastunovaa @osakaaa a.plastunov@dsec.ru [About]
  3. 3. [Agenda]
  4. 4. [The Zoo]
  5. 5. ➢ Web proxies [The Zoo]
  6. 6. ➢ Web proxies ○ Content-filtering [The Zoo]
  7. 7. ➢ Web proxies ○ Content-filtering ○ Tunneling [The Zoo]
  8. 8. ➢ Web proxies ○ Content-filtering ○ Tunneling ○ ... [The Zoo]
  9. 9. ➢ Web proxies ➢ Embedded systems [The Zoo]
  10. 10. ➢ Web proxies ➢ Embedded systems ○ Routers and other network devices [The Zoo]
  11. 11. ➢ Web proxies ➢ Embedded systems ○ Routers and other network devices ○ Industrial devices [The Zoo]
  12. 12. ➢ Web proxies ➢ Embedded systems ○ Routers and other network devices ○ Industrial devices ○ ... [The Zoo]
  13. 13. ➢ Web proxies ➢ Embedded systems ➢ Non-default modules in mainstream servers [The Zoo]
  14. 14. ➢ Web proxies ➢ Embedded systems ➢ Non-default modules in mainstream servers ➢ Other software [The Zoo]
  15. 15. ➢ Web proxies ➢ Embedded systems ➢ Non-default modules in mainstream servers ➢ Other software ------------------------------ ➔ Clients [The Zoo]
  16. 16. [The HTTP]
  17. 17. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaa!!!!1111
  18. 18. [The HTTP] POST /do/not/touch?my=server HTTP/1.1rn HOST: www.victim.comrn User-Agent: Fuzzy browserrn Content-Type: text/htmlrn Content-Length: 42rn rn AAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaa!!!!1111rn
  19. 19. [The HTTP] POST /do/not/touch?my=server HTTP/1.1
  20. 20. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method
  21. 21. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method Methods: STANDARD: GET POST HEAD OPTIONS TRACE CONNECT PUT DELETE WEBDAV: PROPFIND PROPPATH MKCOL COPY MOVE LOCK UNLOCK + versioning extensions CUSTOM: Anything a developer can imagine (e.g. VALIDATE, CURATE, etc.)
  22. 22. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable]
  23. 23. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable] URI
  24. 24. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable] URI[fuzzable]
  25. 25. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable] URI[fuzzable] parameters
  26. 26. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable] URI[fuzzable] parameters[fuzzable]
  27. 27. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable] URI[fuzzable] parameters[fuzzable] protocol version
  28. 28. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable] URI[fuzzable] parameters[fuzzable] protocol version[fuzzable?]
  29. 29. [The HTTP] POST http://server.name/do/not/touch?my=server HTTP/1.1 URI[fuzzable] parameters[fuzzable] protocol version[fuzzable?] In case of connecting via proxy: Method[fuzzable] Server name
  30. 30. [The HTTP] POST http://server.name/do/not/touch?my=server HTTP/1.1 URI[fuzzable] parameters[fuzzable] protocol version[fuzzable?] In case of connecting via proxy: Method[fuzzable] Server name[fuzzable]
  31. 31. [The HTTP] HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42
  32. 32. [The HTTP] HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42 Values
  33. 33. [The HTTP] HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42 Values Some google.com examples of complex headers: Cookie: PREF=ID=d58a20b32d82347c:U=866f4da1ca2cc94c: FF=0:TM=1432555395:LM=1432555397:S=DzXF-knTmsVgJcCF; NID=67=H71Q3BwamddYRlgS5a9N0AZ1UqRAbcOcVORM3AJ3pb 7i8WajPH7QDWuWNx5AYUvqBqrysr0QeuqG5QZfjJmEIMLoCSoP F0nA307pAb9GgmmA0Rl8Pg1ls8g4106DEbSz
  34. 34. [The HTTP] HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42 Values[fuzzable]
  35. 35. [The HTTP] HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42 Values[fuzzable] pair(header:value)
  36. 36. [The HTTP] HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42 Values[fuzzable] pair(header:value)[fuzzable]
  37. 37. [The HTTP] name=post_example&very_tricky_parameter=hi! Content-type: application/x-www-form-urlencoded
  38. 38. [The HTTP] Content-type: application/x-www-form-urlencoded name=post_example&very_tricky_parameter=hi! Same as for URL data: [fuzzable]
  39. 39. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content” filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data
  40. 40. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content” filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data data header
  41. 41. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content” filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data data header[fuzzable]
  42. 42. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content” filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data data header[fuzzable] mime parameter
  43. 43. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content” filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data mime parameter[fuzzable] data header[fuzzable]
  44. 44. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content” filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data plain text value data header[fuzzable] mime parameter[fuzzable]
  45. 45. ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content”; filename=”test.dat” xdexadxbexef ---Boundary_value [The HTTP] Content-type: multipart/form-data plain text value[fuzzable] data header[fuzzable] mime parameter[fuzzable]
  46. 46. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content”; filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data binary value plain text value[fuzzable] mime parameter[fuzzable] data header[fuzzable]
  47. 47. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content”; filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data binary value[fuzzable] plain text value[fuzzable] mime parameter[fuzzable] data header[fuzzable]
  48. 48. [The HTTP] POST /do/not/touch?my=server HTTP/1.1rn HOST: www.victim.comrn User-Agent: Fuzzy browserrn Accept: text/html,application/xmlrn Content-Type: text/htmlrn Cookie: id=olololo;TheAnswer=42 Content-Length: 42rn rn AAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaa!!!!1111rn
  49. 49. [The HTTP] Delimiters POST /do/not/touch?my=server HTTP/1.1rn HOST: www.victim.comrn User-Agent: Fuzzy browserrn Accept: text/html,application/xmlrn Content-Type: text/htmlrn Cookie: id=olololo;TheAnswer=42 Content-Length: 42rn rn AAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaa!!!!1111rn
  50. 50. [The HTTP] POST /do/not/touch?my=server HTTP/1.1rn HOST: www.victim.comrn User-Agent: Fuzzy browserrn Accept: text/html,application/xmlrn Content-Type: text/htmlrn Cookie: id=olololo;TheAnswer=42 Content-Length: 42rn rn AAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaa!!!!1111rn Delimiters[fuzzable]
  51. 51. [Fuzzing approaches]
  52. 52. Web Server Client (Fuzzer) [Straight fuzzing]
  53. 53. Web Server Client (Fuzzer) (FUZZ) HTTP REQUEST [Straight fuzzing]
  54. 54. Web Server Client (Fuzzer) (FUZZ) HTTP REQUEST HTTP RESPONSE [Straight fuzzing]
  55. 55. Web Server (Fuzzer) Client [Reverse fuzzing]
  56. 56. Web Server (Fuzzer) Client HTTP REQUEST [Reverse fuzzing]
  57. 57. Web Server (Fuzzer) Client HTTP REQUEST (FUZZ) HTTP RESPONSE [Reverse fuzzing]
  58. 58. Web Server (Fuzzer) Client HTTP REQUEST (FUZZ) HTTP RESPONSE [Reverse fuzzing] Difficulties: ➢ There is no possibility to check the client’s health by directly communicating with it ➢ Additional tweaks needed to re-run the client after each request
  59. 59. Web Server (Fuzzer) Client (Fuzzer) HTTP Proxy [Double fuzzing]
  60. 60. Web Server (Fuzzer) Client (Fuzzer) HTTP Proxy [Double fuzzing] (FUZZ) HTTP REQUEST
  61. 61. Web Server (Fuzzer) Client (Fuzzer) HTTP Proxy (FUZZ) HTTP REQUEST [Double fuzzing]
  62. 62. Web Server (Fuzzer) Client (Fuzzer) HTTP Proxy (FUZZ) HTTP REQUEST [Double fuzzing] (FUZZ) HTTP RESPONSE
  63. 63. Web Server (Fuzzer) Client (Fuzzer) HTTP Proxy (FUZZ) HTTP REQUEST [Double fuzzing] (FUZZ) HTTP RESPONSE
  64. 64. [The detection]
  65. 65. ➢ Traffic analysis [The detection]
  66. 66. ➢ Traffic analysis ➢ Local process monitoring [The detection]
  67. 67. ➢ Traffic analysis ➢ Local process monitoring ➢ Some heuristics based on responses from target [The detection]
  68. 68. ➢ Traffic analysis ➢ Local process monitoring ➢ Some heuristics based on responses from target ○ Comparing with reference response [The detection]
  69. 69. p.s. still alpha version :-) [The wuzzer]
  70. 70. [The wuzzer] Generator Queue Transmitter Target Monitor 1.Task 2.Task Wuzzer Target 4. Statistic 6. ResultsLog 3.REQ 5. RESP 7. Results
  71. 71. [The wuzzer] Generator Queue Transmitter Target Monitor 1.Task 2.Task Wuzzer Target 4. Statistic 6. ResultsLog 3.REQ 5. RESP 7. Results
  72. 72. [The wuzzer] Generator Queue Transmitter Target Monitor 1.Task 2.Task Wuzzer Target 4. Statistic 6. ResultsLog 3.REQ 5. RESP 7. Results Paid advertisement =) PyZZUF by @nezlooy https://github.com/nezlooy/pyZZUF
  73. 73. [The wuzzer] Generator Queue Transmitter Target Monitor 1.Task 2.Task Wuzzer Target 4. Statistic 6. ResultsLog 3.REQ 5. RESP 7. Results
  74. 74. [The wuzzer] Generator Queue Transmitter Target Monitor 1.Task 2.Task Wuzzer Target 4. Statistic 6. ResultsLog 3.REQ 5. RESP 7. Results
  75. 75. [The wuzzer] Generator Queue Transmitter Target Monitor 1.Task 2.Task Wuzzer Target 4. Statistic 6. ResultsLog 3.REQ 5. RESP 7. Results
  76. 76. [The wuzzer] Look for the wuzzer updates at https://www.github.com/osakaaa
  77. 77. [The examples]
  78. 78. Content-Length: -2 ➢ An Integer Overflow causes a memory consumption bug [The examples]
  79. 79. [The examples] Content-Length: 601 Crash due to an unhandled exception in strcpy_s
  80. 80. [The examples] Content-Length: 601 Crash due to an unhandled exception in strcpy_s
  81. 81. Content-Length: -0 Integer Overflow causes Stack Buffer Overflow [The examples]
  82. 82. Authorization: Basic Login name > 16kb Causes stack buffer overflow (??) [The examples]
  83. 83. Accept-language: en-US,,,,<1000>,,,,,ru-RU Buffer Overflow (???) [The examples]
  84. 84. MS15-034: Range: Bytes: 18-18446744073709551615 Integer Overflow [The examples]
  85. 85. CVE:2014-5289: Long URI in POST request : POST /AAAAAAA….<736>...AAAAA Stack Buffer Overflow [The examples]
  86. 86. [The end]

×