Resources

People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!

Crow HTTP framework use-after-free - 955

gynvael, posted 3 years ago
  • Crow is an async C++ HTTP/WebSocket library for creating fast web services.
  • The framework implemented HTTP pipelining, an asynchronous mode in which a client sends several requests down one connection without waiting for each response. This lets the workers receive multiple HTTP requests at once, speeding up the service.
  • However, the server was not originally built to handle this. Its per-connection state was global and assumed one request at a time per connection. Changes were made to support pipelining, but not every such assumption was found and fixed.
  • The function check_destroy deletes the connection object once both the read and write flags are cleared. Those flags are set and cleared per I/O operation, regardless of how many requests are still queued on the connection. As a result, as soon as the first response is written, the connection is destroyed even though another request is still waiting in the queue, and the code that later processes that request touches a freed object.
  • An interesting cause of a vulnerability and a difficult one to simply stumble across. A good fuzzer that genuinely exercised all functionality (pipelined requests included) probably would have found it, though.
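To make the lifecycle mistake concrete, here is an added C++ model of the pattern described above and of the obvious repair. It is not Crow's source and not code from gynvael's post: the Connection struct, the read/write flags, the pending queue, the may_destroy predicate and the run_pipeline driver are all assumed for illustration. Instead of freeing memory and then touching it (undefined behaviour), the model records whether "destroy" fired while pipelined requests were still queued, which is exactly the condition a reviewer or a fuzzer harness would want to assert on.

```cpp
#include <cstdio>
#include <deque>
#include <string>

// Assumed shape of a per-connection object (not Crow's real class).
struct Connection {
    bool reading = false;                // a socket read is in flight
    bool writing = false;                // a response write is in flight
    bool destroyed = false;              // check_destroy() decided to delete us
    bool destroyed_with_pending = false; // ...while requests were still queued (the bug)
    std::deque<std::string> pending;     // pipelined requests not yet answered

    virtual ~Connection() = default;
    virtual bool may_destroy() const = 0;

    // The handler for the next queued request starts its response write.
    void begin_write() { writing = true; pending.pop_front(); }

    // Called whenever an I/O flag is cleared.
    void check_destroy() {
        if (may_destroy()) {
            destroyed = true;
            destroyed_with_pending = !pending.empty();
        }
    }
};

// Only the two I/O flags are consulted; the number of queued requests plays
// no part in the decision. This mirrors the defect in the write-up.
struct NaiveConnection : Connection {
    bool may_destroy() const override { return !reading && !writing; }
};

// Hardened: a connection with unanswered pipelined requests stays alive.
struct GuardedConnection : Connection {
    bool may_destroy() const override {
        return !reading && !writing && pending.empty();
    }
};

// One read delivers n_requests pipelined requests (constructed sample input);
// responses are then written one at a time. Returns true if the connection
// was torn down while a request was still queued.
bool run_pipeline(Connection& c, int n_requests) {
    if (n_requests < 1) return false;
    c.reading = true;
    for (int i = 0; i < n_requests; ++i)
        c.pending.push_back("GET /item/" + std::to_string(i) + " HTTP/1.1");
    // Read completes: the first request is dispatched and its response write
    // starts before check_destroy() runs, so the write flag protects us once.
    c.reading = false;
    c.begin_write();
    c.check_destroy();
    // Each write completion clears the flag and re-runs the check.
    while (!c.destroyed) {
        c.writing = false;
        c.check_destroy();
        if (c.destroyed || c.pending.empty()) break;
        c.begin_write();   // next queued request gets its response
    }
    return c.destroyed_with_pending;
}

bool naive_destroys_early(int n_requests) {
    NaiveConnection c;
    return run_pipeline(c, n_requests);
}

bool guarded_destroys_early(int n_requests) {
    GuardedConnection c;
    return run_pipeline(c, n_requests);
}

int main() {
    for (int n = 1; n <= 3; ++n)
        std::printf("%d pipelined request(s): naive early-destroy=%d guarded early-destroy=%d\n",
                    n, naive_destroys_early(n), guarded_destroys_early(n));
    return 0;
}
```

With a single request both variants behave identically, which is why ordinary request-at-a-time testing never trips the bug; only a pipelined burst of two or more requests makes the naive check destroy the object early. The guarded predicate is the minimal fix, but the more robust design is to tie the object's lifetime to outstanding work (a reference count or shared_ptr held by every queued request) rather than to transient I/O flags.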