A buffer overflow vulnerability exists in mod_jk2 on Apache 2.0 Win32, and an exploit has been released.
/* Dreatica-FXP crew
*
* ----------------------------------------
* Target : mod_jk2 v2.0.2 for Apache 2.0 Win32
* Found by : IOActive Security Advisory
* ----------------------------------------
* Exploit : mod_jk2 v2.0.2 Buffer Overflow Exploit (win32)
* Exploit date : 01.03.2008 - 02.03.2008
* Exploit writer : Heretic2 (heretic2x@gmail.com)
* OS : Windows ALL
* Crew : Dreatica-FXP
* ----------------------------------------
* Info : Exploit was found by IOActive Security Advisory, trivial exploit for win32.
* The only problem here is that the mod_jk2 firstly downcases all letters in the Host
* header request, Metasploit v3 has solutions for this case:
* 1. Use non-upper encoder
* 2. Use non-alpha encoder
* I used the first variant here, and all is working well.
* ----------------------------------------
* Thanks to:
* 1. IOActive Security Advisory ( )
* 2. The Metasploit project ( http://metasploit.com )
* 3. Dreatica-FXP crew ( )
* ----------------------------------------
* This was written for educational purposes only. Use it at your own risk. The author will not be
* responsible for any damage caused by that code.
************************************************************************************
*/