5d20c14812
10 new exploits Wordpress Plugin IMDb Profile Widget 1.0.8 - Local File Inclusion WordPress Photocart Link Plugin 1.6 - Local File Inclusion LShell <= 0.9.15 - Remote Code Execution Apple Quicktime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 1 Apple Quicktime < 7.7.79.80.95 - FPX File Parsing Memory Corruption 2 Apple Quicktime < 7.7.79.80.95 - PSD File Parsing Memory Corruption CubeCart 6.0.10 - Multiple Vulnerabilities Kamailio 4.3.4 - Heap-Based Buffer Overflow ATutor 2.2.1 Directory Traversal / Remote Code Execution Metaphor - Stagefright Exploit with ASLR Bypass
27 lines
1.3 KiB
Text
Executable file
27 lines
1.3 KiB
Text
Executable file
Source: https://github.com/NorthBit/Metaphor
|
|
|
|
Metaphor - Stagefright with ASLR bypass By Hanan Be'er from NorthBit Ltd.
|
|
|
|
Link to whitepaper: https://raw.githubusercontent.com/NorthBit/Public/master/NorthBit-Metaphor.pdf
|
|
|
|
Twitter: https://twitter.com/High_Byte
|
|
|
|
Metaphor's source code is now released! The source include a PoC that generates MP4 exploits in real-time and bypassing ASLR. The PoC includes lookup tables for Nexus 5 Build LRX22C with Android 5.0.1. Server-side of the PoC include simple PHP scripts that run the exploit generator - I'm using XAMPP to serve gzipped MP4 files. The attack page is index.php.
|
|
|
|
The exploit generator is written in Python and used by the PHP code.
|
|
|
|
usage: metaphor.py [-h] [-c CONFIG] -o OUTPUT {leak,rce,suicide} ...
|
|
|
|
positional arguments:
|
|
{leak,rce,suicide} Type of exploit to generate
|
|
|
|
optional arguments:
|
|
-h, --help show this help message and exit
|
|
-c CONFIG, --config CONFIG
|
|
Override exploit configuration
|
|
-o OUTPUT, --output OUTPUT
|
|
Credits: To the NorthBit team E.P. - My shining paladin, for assisting in boosting this project to achieve all the goals.
|
|
|
|
|
|
Proof of Concept:
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/39640.zip
|