CVE-2007-2668
Published 2007-05-14
Priority: P431
Severity: medium, 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.11% (89.5th percentile)
Buffer overflow in webdesproxy 0.0.1 allows remote attackers to execute arbitrary code via a long URL, possibly involving the process_connection_request function in webdesproxy.c.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webdesproxy | webdesproxy | — | — |
No detection rules found.
Exploit-DB
webdesproxy 0.0.1 - 'exec-shield' GET Remote Code Execution
exploitdb·2007-05-14
---
/*
**
** Fedora Core 6 (exec-shield) based
** Webdesproxy (webdesproxy-0.0.1.tgz) remote root exploit
** (reverse connect-back method) by Xpl017Elz
**
** Advanced exploitation in exec-shield (Fedora Core case study)
** URL: http://x82.inetcop.org/h0me/papers/FC_exploit/FC_exploit.txt
**
** vendor: http://webdesproxy.sourceforge.net/
**
** vade79/v9 [email protected] (fakehalo/realhalo)'s exploit:
** http://fakehalo.us/xwdp-cygwin.c
**
** --
** exploit by "you dong-hun"(Xpl017Elz), .
** My World: http://x82.inetcop.org
**
*/
/*
** -=-= POINT! POINT! POINT! POINT! POINT! =-=-
**
** We should focus on uninitialized pb structure variable on .bss.
** This static variable is quite useful. we can put a command to run here.
** We only
Exploit-DB
webdesproxy 0.0.1 - GET Remote Buffer Overflow
exploitdb·2007-05-12
---
/*[ webdesproxy[v0.0.1]: (cygwin) remote buffer overflow exploit. ]*
* *
* by: vade79/v9 [email protected] (fakehalo/realhalo) *
* *
* compile: *
* gcc xwdp-cygwin.c -o xwdp-cygwin *
* *
* syntax: *
* ./xwdp-cygwin [-r] -h host -p port *
* *
* webdesproxy homepage/url: *
* http://sourceforge.net/projects/webdesproxy/ *
* http://webdesproxy.sourceforge.net/ *
* *
* I was curious on how cygwin-related (stack) buffer overflows *
* behaved, so i browsed around for opensource cygwin-related *
* projects and this fella popped up. not overly popular, but *
* good for learning/exploration. one interesting note is it is *
* easy to make universal cygwin exploits as cygwin1.dll is *
* usually included with the program, making for possible static *
*
No writeups or analysis indexed.