O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.
Andrey Plastunov
Digital Security (dsec.ru)
Fuzz your way into the web server’s zoo
● Pentester at dsec.ru [ ]
@DSecRU
@plastunovaa
@osakaaa
a.plastunov@dsec.ru
[About]
[Agenda]
[The Zoo]
➢ Web proxies
[The Zoo]
➢ Web proxies
○ Content-filtering
[The Zoo]
➢ Web proxies
○ Content-filtering
○ Tunneling
[The Zoo]
➢ Web proxies
○ Content-filtering
○ Tunneling
○ ...
[The Zoo]
➢ Web proxies
➢ Embedded systems
[The Zoo]
➢ Web proxies
➢ Embedded systems
○ Routers and other
network devices
[The Zoo]
➢ Web proxies
➢ Embedded systems
○ Routers and other
network devices
○ Industrial devices
[The Zoo]
➢ Web proxies
➢ Embedded systems
○ Routers and other
network devices
○ Industrial devices
○ ...
[The Zoo]
➢ Web proxies
➢ Embedded systems
➢ Non-default modules
in mainstream servers
[The Zoo]
➢ Web proxies
➢ Embedded systems
➢ Non-default modules
in mainstream servers
➢ Other software
[The Zoo]
➢ Web proxies
➢ Embedded systems
➢ Non-default modules
in mainstream servers
➢ Other software
----------------------------...
[The HTTP]
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Co...
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1rn
HOST: www.victim.comrn
User-Agent: Fuzzy browserrn
Content-Type: text/h...
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method
Methods:
STANDARD: GET POST HEAD OPTIONS TRACE
CONNECT PUT DELETE
...
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
URI
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
URI[fuzzable]
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
URI[fuzzable]
parameters
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
URI[fuzzable]
parameters[fuzzable]
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
URI[fuzzable]
parameters[fuzzable]
protocol version
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1
Method[fuzzable]
URI[fuzzable]
parameters[fuzzable]
protocol version[fuzz...
[The HTTP]
POST http://server.name/do/not/touch?my=server HTTP/1.1
URI[fuzzable]
parameters[fuzzable]
protocol version[fuz...
[The HTTP]
POST http://server.name/do/not/touch?my=server HTTP/1.1
URI[fuzzable]
parameters[fuzzable]
protocol version[fuz...
[The HTTP]
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Content-Length: 42
[The HTTP]
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Content-Length: 42
Values
[The HTTP]
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Content-Length: 42
Values
Some google.co...
[The HTTP]
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Content-Length: 42
Values[fuzzable]
[The HTTP]
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Content-Length: 42
Values[fuzzable]
pair...
[The HTTP]
HOST: www.victim.com
User-Agent: Fuzzy browser
Content-Type: text/html
Content-Length: 42
Values[fuzzable]
pair...
[The HTTP]
name=post_example&very_tricky_parameter=hi!
Content-type: application/x-www-form-urlencoded
[The HTTP]
Content-type: application/x-www-form-urlencoded
name=post_example&very_tricky_parameter=hi!
Same as for URL dat...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition: form-data...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
---Boundary_value
Content-Disposition: form-data; name=”description”
test
---Boundary_value
Content-Disposition...
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1rn
HOST: www.victim.comrn
User-Agent: Fuzzy browserrn
Accept: text/html,ap...
[The HTTP]
Delimiters
POST /do/not/touch?my=server HTTP/1.1rn
HOST: www.victim.comrn
User-Agent: Fuzzy browserrn
Accept: t...
[The HTTP]
POST /do/not/touch?my=server HTTP/1.1rn
HOST: www.victim.comrn
User-Agent: Fuzzy browserrn
Accept: text/html,ap...
[Fuzzing approaches]
Web
Server
Client
(Fuzzer)
[Straight fuzzing]
Web
Server
Client
(Fuzzer)
(FUZZ) HTTP REQUEST
[Straight fuzzing]
Web
Server
Client
(Fuzzer)
(FUZZ) HTTP REQUEST
HTTP RESPONSE
[Straight fuzzing]
Web
Server
(Fuzzer)
Client
[Reverse fuzzing]
Web
Server
(Fuzzer)
Client
HTTP REQUEST
[Reverse fuzzing]
Web
Server
(Fuzzer)
Client
HTTP REQUEST
(FUZZ) HTTP RESPONSE
[Reverse fuzzing]
Web
Server
(Fuzzer)
Client
HTTP REQUEST
(FUZZ) HTTP RESPONSE
[Reverse fuzzing]
Difficulties:
➢ There is no possibility to ...
Web
Server
(Fuzzer)
Client
(Fuzzer)
HTTP
Proxy
[Double fuzzing]
Web
Server
(Fuzzer)
Client
(Fuzzer)
HTTP
Proxy
[Double fuzzing]
(FUZZ) HTTP REQUEST
Web
Server
(Fuzzer)
Client
(Fuzzer)
HTTP
Proxy
(FUZZ) HTTP REQUEST
[Double fuzzing]
Web
Server
(Fuzzer)
Client
(Fuzzer)
HTTP
Proxy
(FUZZ) HTTP REQUEST
[Double fuzzing]
(FUZZ) HTTP RESPONSE
Web
Server
(Fuzzer)
Client
(Fuzzer)
HTTP
Proxy
(FUZZ) HTTP REQUEST
[Double fuzzing]
(FUZZ) HTTP RESPONSE
[The detection]
➢ Traffic analysis
[The detection]
➢ Traffic analysis
➢ Local process monitoring
[The detection]
➢ Traffic analysis
➢ Local process monitoring
➢ Some heuristics based on responses from
target
[The detection]
➢ Traffic analysis
➢ Local process monitoring
➢ Some heuristics based on responses from
target
○ Comparing with reference ...
p.s. still alpha version :-)
[The wuzzer]
[The wuzzer]
Generator
Queue Transmitter Target
Monitor
1.Task
2.Task
Wuzzer Target
4. Statistic
6. ResultsLog
3.REQ
5. RE...
[The wuzzer]
Generator
Queue Transmitter Target
Monitor
1.Task
2.Task
Wuzzer Target
4. Statistic
6. ResultsLog
3.REQ
5. RE...
[The wuzzer]
Generator
Queue Transmitter Target
Monitor
1.Task
2.Task
Wuzzer Target
4. Statistic
6. ResultsLog
3.REQ
5. RE...
[The wuzzer]
Generator
Queue Transmitter Target
Monitor
1.Task
2.Task
Wuzzer Target
4. Statistic
6. ResultsLog
3.REQ
5. RE...
[The wuzzer]
Generator
Queue Transmitter Target
Monitor
1.Task
2.Task
Wuzzer Target
4. Statistic
6. ResultsLog
3.REQ
5. RE...
[The wuzzer]
Generator
Queue Transmitter Target
Monitor
1.Task
2.Task
Wuzzer Target
4. Statistic
6. ResultsLog
3.REQ
5. RE...
[The wuzzer]
Look for the wuzzer updates at
https://www.github.com/osakaaa
[The examples]
Content-Length: -2
➢ An Integer Overflow causes a memory
consumption bug
[The examples]
[The examples]
Content-Length: 601
Crash due to an unhandled
exception in strcpy_s
[The examples]
Content-Length: 601
Crash due to an unhandled
exception in strcpy_s
Content-Length: -0
Integer Overflow causes Stack Buffer Overflow
[The examples]
Authorization: Basic
Login name > 16kb
Causes stack buffer overflow (??)
[The examples]
Accept-language: en-US,,,,<1000>,,,,,ru-RU
Buffer Overflow (???)
[The examples]
MS15-034:
Range: Bytes: 18-18446744073709551615
Integer Overflow
[The examples]
CVE:2014-5289: Long URI in POST request :
POST /AAAAAAA….<736>...AAAAA
Stack Buffer Overflow
[The examples]
[The end]
Próximos SlideShares
Carregando em…5
×

[Confidence] Fuzz your way into web server's zoo

835 visualizações

Publicada em

My talk on fuzzing the variety of web servers the one could find on the internets

Publicada em: Software
  • Seja o primeiro a comentar

[Confidence] Fuzz your way into web server's zoo

  1. 1. Andrey Plastunov Digital Security (dsec.ru) Fuzz your way into the web server’s zoo
  2. 2. ● Pentester at dsec.ru [ ] @DSecRU @plastunovaa @osakaaa a.plastunov@dsec.ru [About]
  3. 3. [Agenda]
  4. 4. [The Zoo]
  5. 5. ➢ Web proxies [The Zoo]
  6. 6. ➢ Web proxies ○ Content-filtering [The Zoo]
  7. 7. ➢ Web proxies ○ Content-filtering ○ Tunneling [The Zoo]
  8. 8. ➢ Web proxies ○ Content-filtering ○ Tunneling ○ ... [The Zoo]
  9. 9. ➢ Web proxies ➢ Embedded systems [The Zoo]
  10. 10. ➢ Web proxies ➢ Embedded systems ○ Routers and other network devices [The Zoo]
  11. 11. ➢ Web proxies ➢ Embedded systems ○ Routers and other network devices ○ Industrial devices [The Zoo]
  12. 12. ➢ Web proxies ➢ Embedded systems ○ Routers and other network devices ○ Industrial devices ○ ... [The Zoo]
  13. 13. ➢ Web proxies ➢ Embedded systems ➢ Non-default modules in mainstream servers [The Zoo]
  14. 14. ➢ Web proxies ➢ Embedded systems ➢ Non-default modules in mainstream servers ➢ Other software [The Zoo]
  15. 15. ➢ Web proxies ➢ Embedded systems ➢ Non-default modules in mainstream servers ➢ Other software ------------------------------ ➔ Clients [The Zoo]
  16. 16. [The HTTP]
  17. 17. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaa!!!!1111
  18. 18. [The HTTP] POST /do/not/touch?my=server HTTP/1.1rn HOST: www.victim.comrn User-Agent: Fuzzy browserrn Content-Type: text/htmlrn Content-Length: 42rn rn AAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaa!!!!1111rn
  19. 19. [The HTTP] POST /do/not/touch?my=server HTTP/1.1
  20. 20. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method
  21. 21. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method Methods: STANDARD: GET POST HEAD OPTIONS TRACE CONNECT PUT DELETE WEBDAV: PROPFIND PROPPATH MKCOL COPY MOVE LOCK UNLOCK + versioning extensions CUSTOM: Anything a developer can imagine (e.g. VALIDATE, CURATE, etc.)
  22. 22. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable]
  23. 23. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable] URI
  24. 24. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable] URI[fuzzable]
  25. 25. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable] URI[fuzzable] parameters
  26. 26. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable] URI[fuzzable] parameters[fuzzable]
  27. 27. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable] URI[fuzzable] parameters[fuzzable] protocol version
  28. 28. [The HTTP] POST /do/not/touch?my=server HTTP/1.1 Method[fuzzable] URI[fuzzable] parameters[fuzzable] protocol version[fuzzable?]
  29. 29. [The HTTP] POST http://server.name/do/not/touch?my=server HTTP/1.1 URI[fuzzable] parameters[fuzzable] protocol version[fuzzable?] In case of connecting via proxy: Method[fuzzable] Server name
  30. 30. [The HTTP] POST http://server.name/do/not/touch?my=server HTTP/1.1 URI[fuzzable] parameters[fuzzable] protocol version[fuzzable?] In case of connecting via proxy: Method[fuzzable] Server name[fuzzable]
  31. 31. [The HTTP] HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42
  32. 32. [The HTTP] HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42 Values
  33. 33. [The HTTP] HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42 Values Some google.com examples of complex headers: Cookie: PREF=ID=d58a20b32d82347c:U=866f4da1ca2cc94c: FF=0:TM=1432555395:LM=1432555397:S=DzXF-knTmsVgJcCF; NID=67=H71Q3BwamddYRlgS5a9N0AZ1UqRAbcOcVORM3AJ3pb 7i8WajPH7QDWuWNx5AYUvqBqrysr0QeuqG5QZfjJmEIMLoCSoP F0nA307pAb9GgmmA0Rl8Pg1ls8g4106DEbSz
  34. 34. [The HTTP] HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42 Values[fuzzable]
  35. 35. [The HTTP] HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42 Values[fuzzable] pair(header:value)
  36. 36. [The HTTP] HOST: www.victim.com User-Agent: Fuzzy browser Content-Type: text/html Content-Length: 42 Values[fuzzable] pair(header:value)[fuzzable]
  37. 37. [The HTTP] name=post_example&very_tricky_parameter=hi! Content-type: application/x-www-form-urlencoded
  38. 38. [The HTTP] Content-type: application/x-www-form-urlencoded name=post_example&very_tricky_parameter=hi! Same as for URL data: [fuzzable]
  39. 39. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content” filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data
  40. 40. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content” filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data data header
  41. 41. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content” filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data data header[fuzzable]
  42. 42. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content” filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data data header[fuzzable] mime parameter
  43. 43. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content” filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data mime parameter[fuzzable] data header[fuzzable]
  44. 44. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content” filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data plain text value data header[fuzzable] mime parameter[fuzzable]
  45. 45. ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content”; filename=”test.dat” xdexadxbexef ---Boundary_value [The HTTP] Content-type: multipart/form-data plain text value[fuzzable] data header[fuzzable] mime parameter[fuzzable]
  46. 46. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content”; filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data binary value plain text value[fuzzable] mime parameter[fuzzable] data header[fuzzable]
  47. 47. [The HTTP] ---Boundary_value Content-Disposition: form-data; name=”description” test ---Boundary_value Content-Disposition: form-data; name=”file_content”; filename=”test.dat” xdexadxbexef ---Boundary_value Content-type: multipart/form-data binary value[fuzzable] plain text value[fuzzable] mime parameter[fuzzable] data header[fuzzable]
  48. 48. [The HTTP] POST /do/not/touch?my=server HTTP/1.1rn HOST: www.victim.comrn User-Agent: Fuzzy browserrn Accept: text/html,application/xmlrn Content-Type: text/htmlrn Cookie: id=olololo;TheAnswer=42 Content-Length: 42rn rn AAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaa!!!!1111rn
  49. 49. [The HTTP] Delimiters POST /do/not/touch?my=server HTTP/1.1rn HOST: www.victim.comrn User-Agent: Fuzzy browserrn Accept: text/html,application/xmlrn Content-Type: text/htmlrn Cookie: id=olololo;TheAnswer=42 Content-Length: 42rn rn AAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaa!!!!1111rn
  50. 50. [The HTTP] POST /do/not/touch?my=server HTTP/1.1rn HOST: www.victim.comrn User-Agent: Fuzzy browserrn Accept: text/html,application/xmlrn Content-Type: text/htmlrn Cookie: id=olololo;TheAnswer=42 Content-Length: 42rn rn AAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaa!!!!1111rn Delimiters[fuzzable]
  51. 51. [Fuzzing approaches]
  52. 52. Web Server Client (Fuzzer) [Straight fuzzing]
  53. 53. Web Server Client (Fuzzer) (FUZZ) HTTP REQUEST [Straight fuzzing]
  54. 54. Web Server Client (Fuzzer) (FUZZ) HTTP REQUEST HTTP RESPONSE [Straight fuzzing]
  55. 55. Web Server (Fuzzer) Client [Reverse fuzzing]
  56. 56. Web Server (Fuzzer) Client HTTP REQUEST [Reverse fuzzing]
  57. 57. Web Server (Fuzzer) Client HTTP REQUEST (FUZZ) HTTP RESPONSE [Reverse fuzzing]
  58. 58. Web Server (Fuzzer) Client HTTP REQUEST (FUZZ) HTTP RESPONSE [Reverse fuzzing] Difficulties: ➢ There is no possibility to check the client’s health by directly communicating with it ➢ Additional tweaks needed to re-run the client after each request
  59. 59. Web Server (Fuzzer) Client (Fuzzer) HTTP Proxy [Double fuzzing]
  60. 60. Web Server (Fuzzer) Client (Fuzzer) HTTP Proxy [Double fuzzing] (FUZZ) HTTP REQUEST
  61. 61. Web Server (Fuzzer) Client (Fuzzer) HTTP Proxy (FUZZ) HTTP REQUEST [Double fuzzing]
  62. 62. Web Server (Fuzzer) Client (Fuzzer) HTTP Proxy (FUZZ) HTTP REQUEST [Double fuzzing] (FUZZ) HTTP RESPONSE
  63. 63. Web Server (Fuzzer) Client (Fuzzer) HTTP Proxy (FUZZ) HTTP REQUEST [Double fuzzing] (FUZZ) HTTP RESPONSE
  64. 64. [The detection]
  65. 65. ➢ Traffic analysis [The detection]
  66. 66. ➢ Traffic analysis ➢ Local process monitoring [The detection]
  67. 67. ➢ Traffic analysis ➢ Local process monitoring ➢ Some heuristics based on responses from target [The detection]
  68. 68. ➢ Traffic analysis ➢ Local process monitoring ➢ Some heuristics based on responses from target ○ Comparing with reference response [The detection]
  69. 69. p.s. still alpha version :-) [The wuzzer]
  70. 70. [The wuzzer] Generator Queue Transmitter Target Monitor 1.Task 2.Task Wuzzer Target 4. Statistic 6. ResultsLog 3.REQ 5. RESP 7. Results
  71. 71. [The wuzzer] Generator Queue Transmitter Target Monitor 1.Task 2.Task Wuzzer Target 4. Statistic 6. ResultsLog 3.REQ 5. RESP 7. Results
  72. 72. [The wuzzer] Generator Queue Transmitter Target Monitor 1.Task 2.Task Wuzzer Target 4. Statistic 6. ResultsLog 3.REQ 5. RESP 7. Results Paid advertisement =) PyZZUF by @nezlooy https://github.com/nezlooy/pyZZUF
  73. 73. [The wuzzer] Generator Queue Transmitter Target Monitor 1.Task 2.Task Wuzzer Target 4. Statistic 6. ResultsLog 3.REQ 5. RESP 7. Results
  74. 74. [The wuzzer] Generator Queue Transmitter Target Monitor 1.Task 2.Task Wuzzer Target 4. Statistic 6. ResultsLog 3.REQ 5. RESP 7. Results
  75. 75. [The wuzzer] Generator Queue Transmitter Target Monitor 1.Task 2.Task Wuzzer Target 4. Statistic 6. ResultsLog 3.REQ 5. RESP 7. Results
  76. 76. [The wuzzer] Look for the wuzzer updates at https://www.github.com/osakaaa
  77. 77. [The examples]
  78. 78. Content-Length: -2 ➢ An Integer Overflow causes a memory consumption bug [The examples]
  79. 79. [The examples] Content-Length: 601 Crash due to an unhandled exception in strcpy_s
  80. 80. [The examples] Content-Length: 601 Crash due to an unhandled exception in strcpy_s
  81. 81. Content-Length: -0 Integer Overflow causes Stack Buffer Overflow [The examples]
  82. 82. Authorization: Basic Login name > 16kb Causes stack buffer overflow (??) [The examples]
  83. 83. Accept-language: en-US,,,,<1000>,,,,,ru-RU Buffer Overflow (???) [The examples]
  84. 84. MS15-034: Range: Bytes: 18-18446744073709551615 Integer Overflow [The examples]
  85. 85. CVE:2014-5289: Long URI in POST request : POST /AAAAAAA….<736>...AAAAA Stack Buffer Overflow [The examples]
  86. 86. [The end]

×