BigNerd95 / Chimay-Red

Working POC of Mikrotik exploit from Vault 7 CIA Leaks

Help Plz!!! #58

Closed stdnoerr closed 3 years ago

stdnoerr commented 5 years ago

Hi! I am customizing the exploit to work on 5.x versions, more specifically 5.20. I reversed the www binary and extracted pseudocode of the readPOSTData function. I noticed that the code was quite similar to that of 6.38.4 (see attached screenshots Capture and Capture1).

But there is no pthread_attr_setstacksize in the code, so I am not able to find the exact stack size. There are functions called pthread_create, pthread_exit, pthread_cond etc., but pthread_create seems interesting. It is called by another function named _pthread_create, whose code is shown in the attached screenshot (Capture2).

Could you please help me in making the exploit work on the 5.20 version? The CrashPOC and StackClashPOC are both working perfectly. I am also attaching the www binary of 5.30 x86.

www.zip

BigNerd95 commented 5 years ago

Pre-6.0 versions are not multithreaded, if I'm not wrong, so the stack clash technique doesn't work.

stdnoerr commented 5 years ago

So that means 5.x versions can't be exploited?

stdnoerr commented 5 years ago

Can I have your social media account to talk to you in real time?

BigNerd95 commented 5 years ago

I think it can be exploited, but in another way. Anyway, send me an email.