Log in

No account? Create an account
brad's life [entries|archive|friends|userinfo]
Brad Fitzpatrick

[ website | bradfitz.com ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

utf-8 shellcode [Jul. 14th, 2004|10:56 am]
Brad Fitzpatrick
There's a great article in Phrack 62 about shellcode encoded as valid UTF-8 so you can exploit applications which process XML.


[User Picture]From: gaal
2004-07-14 12:03 pm (UTC)
Ha, "%eax is evil", "pop %eax has an instruction code of its own - and a very UTF-8 friendly one, too".

Good stuff!
(Reply) (Thread)
[User Picture]From: nick
2004-07-14 12:27 pm (UTC)
bottom of the article...


always get a chuckle when I run across random livejournal references...
(Reply) (Thread)
From: snej
2004-07-14 01:43 pm (UTC)
You can tell Google to email you whenever they find news articles that mention LiveJournal. I get two or three a day.
(Reply) (Parent) (Thread)
[User Picture]From: nick
2004-07-14 01:58 pm (UTC)
well shit... why don't you just take all the fun out of it?
(Reply) (Parent) (Thread)
[User Picture]From: jc
2004-07-15 12:50 am (UTC)
Call me a spoilsport if you must, but evan set up dailylj which serves much the same purpose.
(Reply) (Parent) (Thread)
[User Picture]From: scsi
2004-07-14 12:50 pm (UTC)

Oh No!

I better protect my xbox config file then.. :)
(Reply) (Thread)
From: snej
2004-07-14 01:42 pm (UTC)
That's x86 shellcode. I love that they don't even bother to spell out what processor they're coding for; it's just taken for granted.

The good thing about this CPU monoculture is that it makes me feel so much safer running my oddball PowerPC =)
(Reply) (Thread)
[User Picture]From: erik
2004-07-14 04:11 pm (UTC)
I love it when you make posts that I don't understand a single word of. :P
(Reply) (Thread)