Showing posts from June, 2018

2 tiny bugs in sqlmap

I was at SecTalks-Canberra tonight and a workshop was being given on SQL injection. The speaker was talking about sqlmap, so instead of spending the time doing the actual workshop content, which was quite good, I thought I would have a quick look at the sqlmap code.

sqlmap/extra/icmpsh/icmpsh-s.c

int main(int argc, char **argv) {
...
        unsigned int max_data_size;
...
        // parse command line options
        for (opt = 1; opt < argc; opt++) {
                if (argv[opt][0] == '-') {
                        switch(argv[opt][1]) {
...
                                case 's':
                                        if (opt + 1 < argc) {
                                                max_data_size = atol(argv[opt + 1]);
                                        }
                                        break;
...
        in_buf = (char *) malloc(max_data_size + ICMP_HEADERS_SIZE);
        out_buf = (char

NetBSD NFS Kernel Vulnerability

This was from InfoSect's first group auditing session. There must be a lot of embedded NetBSD systems running NFS.