Skip to content

Latest commit

 

History

History
 
 

CVE-2004-1261

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
29-1.asp
29-1.asp
 
 
29-2.asp
29-2.asp
 
 
README.md
README.md
 
 

README.md

CVE-2004-1261

Experiment Environment

Ubuntu 11.04

INSTALL & Configuration

wget https://github.com/mudongliang/source-packages/raw/master/CVE-2004-1261/asp2php-0.76.23.tar.gz
tar -xvf asp2php-0.76.23.tar.gz 
cd asp2php-0.76.23/
make

Problems in Installation & Configuration

How to trigger vulnerability

./asp2php 29-1.asp
or 
./asp2php 29-2.asp

PoCs

ASP2PHP Preparse Temp Variable Buffer Overflow Vulnerability

ASP2PHP 0.76.23 - Preparse Token Variable Buffer Overflow

asp2php Buffer Overflow in gettoken() Lets Remote Users Execute Arbitrary Code

Vulnerability Details & Patch

Root Cause

Both buffer overflows can be blamed on gettoken(), which has a fundamentally broken gets()-style API. The preparse() function calls gettoken() to read data into a 1024-byte token[] array, and to read data into a 1024-byte temp[] array.

Stack Trace

References